bitrat | 8c05da461e90984671ffd87f0e4e28e057cca4d32a0569764dcdcce2d545fac2

Resubmissions

17/04/2024, 14:54 UTC

240417-r96wzada86 10

17/04/2024, 14:54 UTC

240417-r95znsee4v 10

17/04/2024, 14:54 UTC

240417-r943dada82 10

17/04/2024, 14:54 UTC

240417-r9353sda77 10

17/04/2024, 14:54 UTC

240417-r93jjsee3x 10

15/04/2024, 13:19 UTC

240415-qkln3afc75 10

10/04/2024, 12:02 UTC

240410-n7v5xaeh49 10

10/04/2024, 12:02 UTC

240410-n7vjdaaa8t 10

Analysis

max time kernel
1810s
max time network
1819s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/04/2024, 12:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75bff99becc32bcbe56efbe7a75f4d45.exe
Size

7.0MB
MD5

75bff99becc32bcbe56efbe7a75f4d45
SHA1

81bfcc77809161a5254a27d3d4d30548c96fcd5b
SHA256

8c05da461e90984671ffd87f0e4e28e057cca4d32a0569764dcdcce2d545fac2
SHA512

940af628585713a16e685eb5251c0b954bc014460cd4ca33226df2ef260f32af56223eaf1c341862fdf1669c6bafb6e7d9c5efbeb5e437ce5e2fd9905beece69
SSDEEP

49152:uW/1GYdVTXN3r3+LXDIDAKpvuh3jwLN6/VNUKIdI9OiKuDbD2yvAkdm5wrgWX+5z:hXkZL/p

Score

10^/10

bitrat zgrat persistence rat trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

obqdy2u226qjiavs42z4z6zgcf6tefsoxaqzjvohmoy7kafdwgqgjkqd.onion:80

Attributes

communication_password
d93b4f1ee6f5b875a4f7fcef966bd09a
tor_process
WinSock

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral2/memory/4724-8-0x00000000050E0000-0x0000000005162000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-9-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-10-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-12-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-14-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-16-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-18-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-20-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-22-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-24-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-26-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-28-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-30-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-32-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-34-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-36-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-38-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-40-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-42-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-44-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-46-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-48-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-50-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-52-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-54-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-56-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-58-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-60-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-62-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-64-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-66-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-68-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-70-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4724-72-0x00000000050E0000-0x000000000515C000-memory.dmp	family_zgrat_v1

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1904658062-880901768-3903781817-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe,\"C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe\","	75bff99becc32bcbe56efbe7a75f4d45.exe

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000700000001ac58-2457.dat	acprotect
behavioral2/files/0x000700000001ac5c-2460.dat	acprotect
behavioral2/files/0x000700000001ac59-2461.dat	acprotect
behavioral2/files/0x000700000001ac5d-2466.dat	acprotect
behavioral2/files/0x000700000001ac5b-2473.dat	acprotect
behavioral2/files/0x000700000001ac5a-2467.dat	acprotect
behavioral2/files/0x000700000001ac5f-2463.dat	acprotect

Executes dropped EXE 64 IoCs

pid	Process
712	WinSock.exe
1480	WinSock.exe
4564	WinSock.exe
2936	WinSock.exe
5016	WinSock.exe
1360	WinSock.exe
436	WinSock.exe
3056	WinSock.exe
1592	WinSock.exe
4944	WinSock.exe
4812	WinSock.exe
1472	WinSock.exe
2128	WinSock.exe
4448	WinSock.exe
1972	WinSock.exe
3056	WinSock.exe
376	WinSock.exe
4908	WinSock.exe
3016	WinSock.exe
2780	WinSock.exe
5036	WinSock.exe
2244	WinSock.exe
3600	WinSock.exe
4520	WinSock.exe
4568	WinSock.exe
488	WinSock.exe
2028	WinSock.exe
3492	WinSock.exe
3300	WinSock.exe
4544	WinSock.exe
664	WinSock.exe
4292	WinSock.exe
4932	WinSock.exe
1984	WinSock.exe
196	WinSock.exe
3236	WinSock.exe
712	WinSock.exe
4268	WinSock.exe
1492	WinSock.exe
4548	WinSock.exe
3104	WinSock.exe
5004	WinSock.exe
2380	WinSock.exe
4300	WinSock.exe
5012	WinSock.exe
2756	WinSock.exe
1948	WinSock.exe
3904	WinSock.exe
3876	WinSock.exe
3080	WinSock.exe
1884	WinSock.exe
1984	WinSock.exe
2768	WinSock.exe
196	WinSock.exe
5024	WinSock.exe
516	WinSock.exe
2104	WinSock.exe
3048	WinSock.exe
5084	WinSock.exe
3156	WinSock.exe
5004	WinSock.exe
2672	WinSock.exe
4536	WinSock.exe
3552	WinSock.exe

Loads dropped DLL 64 IoCs

pid	Process
712	WinSock.exe
712	WinSock.exe
712	WinSock.exe
712	WinSock.exe
712	WinSock.exe
712	WinSock.exe
712	WinSock.exe
712	WinSock.exe
1480	WinSock.exe
1480	WinSock.exe
1480	WinSock.exe
1480	WinSock.exe
1480	WinSock.exe
1480	WinSock.exe
1480	WinSock.exe
4564	WinSock.exe
4564	WinSock.exe
4564	WinSock.exe
4564	WinSock.exe
4564	WinSock.exe
4564	WinSock.exe
4564	WinSock.exe
2936	WinSock.exe
2936	WinSock.exe
2936	WinSock.exe
2936	WinSock.exe
2936	WinSock.exe
2936	WinSock.exe
2936	WinSock.exe
5016	WinSock.exe
5016	WinSock.exe
5016	WinSock.exe
5016	WinSock.exe
5016	WinSock.exe
5016	WinSock.exe
5016	WinSock.exe
1360	WinSock.exe
1360	WinSock.exe
1360	WinSock.exe
1360	WinSock.exe
1360	WinSock.exe
1360	WinSock.exe
1360	WinSock.exe
436	WinSock.exe
436	WinSock.exe
436	WinSock.exe
436	WinSock.exe
436	WinSock.exe
436	WinSock.exe
436	WinSock.exe
436	WinSock.exe
3056	WinSock.exe
3056	WinSock.exe
3056	WinSock.exe
3056	WinSock.exe
3056	WinSock.exe
3056	WinSock.exe
3056	WinSock.exe
1592	WinSock.exe
1592	WinSock.exe
1592	WinSock.exe
1592	WinSock.exe
1592	WinSock.exe
1592	WinSock.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000001ac5e-2455.dat	upx
behavioral2/files/0x000700000001ac58-2457.dat	upx
behavioral2/files/0x000700000001ac5c-2460.dat	upx
behavioral2/files/0x000700000001ac59-2461.dat	upx
behavioral2/files/0x000700000001ac5d-2466.dat	upx
behavioral2/memory/712-2472-0x0000000073410000-0x0000000073459000-memory.dmp	upx
behavioral2/memory/712-2474-0x0000000073300000-0x000000007340A000-memory.dmp	upx
behavioral2/files/0x000700000001ac5b-2473.dat	upx
behavioral2/memory/712-2468-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/files/0x000700000001ac5a-2467.dat	upx
behavioral2/memory/712-2478-0x0000000073270000-0x00000000732F8000-memory.dmp	upx
behavioral2/files/0x000700000001ac5f-2463.dat	upx
behavioral2/memory/712-2480-0x0000000072FA0000-0x000000007326F000-memory.dmp	upx
behavioral2/memory/712-2483-0x0000000073490000-0x000000007355E000-memory.dmp	upx
behavioral2/memory/712-2482-0x0000000073460000-0x0000000073484000-memory.dmp	upx
behavioral2/memory/712-2481-0x0000000073560000-0x0000000073628000-memory.dmp	upx
behavioral2/memory/712-2500-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/memory/712-2501-0x0000000073410000-0x0000000073459000-memory.dmp	upx
behavioral2/memory/712-2510-0x0000000073300000-0x000000007340A000-memory.dmp	upx
behavioral2/memory/1480-2603-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/memory/1480-2605-0x0000000072FA0000-0x000000007326F000-memory.dmp	upx
behavioral2/memory/1480-2607-0x0000000073560000-0x0000000073628000-memory.dmp	upx
behavioral2/memory/1480-2610-0x0000000073410000-0x0000000073459000-memory.dmp	upx
behavioral2/memory/712-2611-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/memory/1480-2613-0x0000000073460000-0x0000000073484000-memory.dmp	upx
behavioral2/memory/1480-2618-0x0000000073270000-0x00000000732F8000-memory.dmp	upx
behavioral2/memory/1480-2616-0x0000000073300000-0x000000007340A000-memory.dmp	upx
behavioral2/memory/1480-2609-0x0000000073490000-0x000000007355E000-memory.dmp	upx
behavioral2/memory/1480-2625-0x0000000073410000-0x0000000073459000-memory.dmp	upx
behavioral2/memory/1480-2626-0x0000000073460000-0x0000000073484000-memory.dmp	upx
behavioral2/memory/1480-2624-0x0000000073490000-0x000000007355E000-memory.dmp	upx
behavioral2/memory/1480-2627-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/memory/1480-2628-0x0000000072FA0000-0x000000007326F000-memory.dmp	upx
behavioral2/memory/1480-2629-0x0000000073560000-0x0000000073628000-memory.dmp	upx
behavioral2/memory/4564-2643-0x0000000073FD0000-0x0000000074019000-memory.dmp	upx
behavioral2/memory/4564-2642-0x0000000073730000-0x00000000737F8000-memory.dmp	upx
behavioral2/memory/4564-2640-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral2/memory/4564-2644-0x0000000073520000-0x000000007362A000-memory.dmp	upx
behavioral2/memory/4564-2645-0x0000000073490000-0x0000000073518000-memory.dmp	upx
behavioral2/memory/4564-2651-0x00000000733C0000-0x000000007348E000-memory.dmp	upx
behavioral2/memory/4564-2648-0x0000000073FA0000-0x0000000073FC4000-memory.dmp	upx
behavioral2/memory/4564-2668-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/memory/4564-2669-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral2/memory/4564-2678-0x0000000073730000-0x00000000737F8000-memory.dmp	upx
behavioral2/memory/2936-2701-0x0000000073730000-0x00000000737F8000-memory.dmp	upx
behavioral2/memory/2936-2702-0x00000000733C0000-0x000000007348E000-memory.dmp	upx
behavioral2/memory/2936-2704-0x0000000073FD0000-0x0000000074019000-memory.dmp	upx
behavioral2/memory/2936-2706-0x0000000073FA0000-0x0000000073FC4000-memory.dmp	upx
behavioral2/memory/2936-2712-0x0000000073490000-0x0000000073518000-memory.dmp	upx
behavioral2/memory/2936-2708-0x0000000073520000-0x000000007362A000-memory.dmp	upx
behavioral2/memory/2936-2713-0x0000000073800000-0x0000000073ACF000-memory.dmp	upx
behavioral2/memory/4564-2715-0x00000000010D0000-0x00000000014D4000-memory.dmp	upx
behavioral2/memory/2936-2723-0x0000000073730000-0x00000000737F8000-memory.dmp	upx
behavioral2/memory/2936-2724-0x00000000733C0000-0x000000007348E000-memory.dmp	upx

Looks up external IP address via web service 37 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
185	myexternalip.com
256	myexternalip.com
298	myexternalip.com
54	myexternalip.com
63	myexternalip.com
167	myexternalip.com
201	myexternalip.com
234	myexternalip.com
38	myexternalip.com
106	myexternalip.com
177	myexternalip.com
291	myexternalip.com
333	myexternalip.com
37	myexternalip.com
90	myexternalip.com
142	myexternalip.com
210	myexternalip.com
218	myexternalip.com
73	myexternalip.com
83	myexternalip.com
241	myexternalip.com
307	myexternalip.com
347	myexternalip.com
355	myexternalip.com
377	myexternalip.com
151	myexternalip.com
193	myexternalip.com
248	myexternalip.com
315	myexternalip.com
322	myexternalip.com
134	myexternalip.com
226	myexternalip.com
385	myexternalip.com
98	myexternalip.com
263	myexternalip.com
271	myexternalip.com
363	myexternalip.com

Suspicious use of NtSetInformationThreadHideFromDebugger 40 IoCs

pid	Process
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4724 set thread context of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe
4724	75bff99becc32bcbe56efbe7a75f4d45.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4540	75bff99becc32bcbe56efbe7a75f4d45.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4724	75bff99becc32bcbe56efbe7a75f4d45.exe
Token: SeShutdownPrivilege	4540	75bff99becc32bcbe56efbe7a75f4d45.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4540	75bff99becc32bcbe56efbe7a75f4d45.exe
4540	75bff99becc32bcbe56efbe7a75f4d45.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 4124	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	74
PID 4724 wrote to memory of 4124	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	74
PID 4724 wrote to memory of 4124	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	74
PID 4724 wrote to memory of 1496	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	75
PID 4724 wrote to memory of 1496	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	75
PID 4724 wrote to memory of 1496	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	75
PID 4724 wrote to memory of 1376	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	76
PID 4724 wrote to memory of 1376	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	76
PID 4724 wrote to memory of 1376	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	76
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4724 wrote to memory of 4540	4724	75bff99becc32bcbe56efbe7a75f4d45.exe	77
PID 4540 wrote to memory of 712	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	78
PID 4540 wrote to memory of 712	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	78
PID 4540 wrote to memory of 712	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	78
PID 4540 wrote to memory of 1480	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	79
PID 4540 wrote to memory of 1480	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	79
PID 4540 wrote to memory of 1480	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	79
PID 4540 wrote to memory of 4564	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	80
PID 4540 wrote to memory of 4564	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	80
PID 4540 wrote to memory of 4564	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	80
PID 4540 wrote to memory of 2936	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	81
PID 4540 wrote to memory of 2936	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	81
PID 4540 wrote to memory of 2936	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	81
PID 4540 wrote to memory of 5016	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	82
PID 4540 wrote to memory of 5016	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	82
PID 4540 wrote to memory of 5016	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	82
PID 4540 wrote to memory of 1360	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	83
PID 4540 wrote to memory of 1360	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	83
PID 4540 wrote to memory of 1360	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	83
PID 4540 wrote to memory of 436	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	84
PID 4540 wrote to memory of 436	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	84
PID 4540 wrote to memory of 436	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	84
PID 4540 wrote to memory of 3056	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	85
PID 4540 wrote to memory of 3056	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	85
PID 4540 wrote to memory of 3056	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	85
PID 4540 wrote to memory of 1592	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	86
PID 4540 wrote to memory of 1592	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	86
PID 4540 wrote to memory of 1592	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	86
PID 4540 wrote to memory of 4944	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	87
PID 4540 wrote to memory of 4944	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	87
PID 4540 wrote to memory of 4944	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	87
PID 4540 wrote to memory of 4812	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	88
PID 4540 wrote to memory of 4812	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	88
PID 4540 wrote to memory of 4812	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	88
PID 4540 wrote to memory of 1472	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	89
PID 4540 wrote to memory of 1472	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	89
PID 4540 wrote to memory of 1472	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	89
PID 4540 wrote to memory of 2128	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	90
PID 4540 wrote to memory of 2128	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	90
PID 4540 wrote to memory of 2128	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	90
PID 4540 wrote to memory of 4448	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	91
PID 4540 wrote to memory of 4448	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	91
PID 4540 wrote to memory of 4448	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	91
PID 4540 wrote to memory of 1972	4540	75bff99becc32bcbe56efbe7a75f4d45.exe	92

C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
"C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe"
1⤵
- Modifies WinLogon for persistence
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  2⤵
  PID:4124
- C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  2⤵
  PID:1496
- C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  2⤵
  PID:1376
- C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  C:\Users\Admin\AppData\Local\Temp\75bff99becc32bcbe56efbe7a75f4d45.exe
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:712
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1480
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4564
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2936
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5016
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1360
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:436
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3056
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1592
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4944
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4812
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1472
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2128
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4448
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1972
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3056
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:376
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4908
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3016
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2780
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:5036
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2244
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3600
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4520
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4568
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:488
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2028
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3492
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3300
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4544
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:664
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4292
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4932
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1984
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:196
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3236
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:712
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4268
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1492
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4548
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3104
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:5004
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2380
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4300
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:5012
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2756
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1948
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3904
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3876
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3080
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1884
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:1984
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2768
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:196
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:5024
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:516
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2104
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3048
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:5084
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3156
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:5004
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:2672
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:4536
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    - Executes dropped EXE
    PID:3552
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:1396
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:836
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:368
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:1592
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:1540
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:228
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:2852
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:2248
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:660
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:3224
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:4296
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:3620
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:512
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:1020
- - C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe
    "C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe" -f torrc
    3⤵
    PID:1360

Network

DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

9.193.25.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.193.25.171.in-addr.arpa

IN PTR

Response

9.193.25.171.in-addr.arpa

IN PTR

maatuska4711se
DNS

29.3.148.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.3.148.185.in-addr.arpa

IN PTR

Response

29.3.148.185.in-addr.arpa

IN PTR

this-is-hosted-bypulsedmediacom
DNS

9.140.204.15.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.140.204.15.in-addr.arpa

IN PTR

Response

9.140.204.15.in-addr.arpa

IN PTR

ns1012069 ip-15-204-140us
DNS

188.171.120.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.171.120.37.in-addr.arpa

IN PTR

Response

188.171.120.37.in-addr.arpa

IN PTR

diketorrndshit
DNS

136.71.105.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.71.105.51.in-addr.arpa

IN PTR

Response
DNS

213.104.32.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.104.32.213.in-addr.arpa

IN PTR

Response
DNS

30.18.254.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.18.254.178.in-addr.arpa

IN PTR

Response

30.18.254.178.in-addr.arpa

IN PTR

v450211blude
DNS

240.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.17.2.in-addr.arpa

IN PTR

Response

240.197.17.2.in-addr.arpa

IN PTR

a2-17-197-240deploystaticakamaitechnologiescom
DNS

myexternalip.com

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

8.8.8.8:53

Request

myexternalip.com

IN A

Response

myexternalip.com

IN A

34.117.118.44
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: sXg3E1eSUy73rw4E2C4na4vedBYJCC34
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:06:45 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

44.118.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

44.118.117.34.in-addr.arpa

IN PTR

Response

44.118.117.34.in-addr.arpa

IN PTR

4411811734bcgoogleusercontentcom
DNS

11.97.55.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.97.55.23.in-addr.arpa

IN PTR

Response

11.97.55.23.in-addr.arpa

IN PTR

a23-55-97-11deploystaticakamaitechnologiescom
DNS

171.101.63.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.101.63.23.in-addr.arpa

IN PTR

Response

171.101.63.23.in-addr.arpa

IN PTR

a23-63-101-171deploystaticakamaitechnologiescom
DNS

37.115.21.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.115.21.65.in-addr.arpa

IN PTR

Response

37.115.21.65.in-addr.arpa

IN PTR

static371152165clientsyour-serverde
DNS

72.118.172.144.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.118.172.144.in-addr.arpa

IN PTR

Response

72.118.172.144.in-addr.arpa

IN PTR

kvm zinntexasfamily
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 6UM0oT1WvHvtiuV2VwgrwqSpfORPuVsa
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:07:25 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

204.120.16.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.120.16.94.in-addr.arpa

IN PTR

Response

204.120.16.94.in-addr.arpa

IN PTR

thorion tanasciuscom
DNS

51.205.108.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

51.205.108.65.in-addr.arpa

IN PTR

Response

51.205.108.65.in-addr.arpa

IN PTR

static5120510865clientsyour-serverde
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: zJIJjSBNV33S99sVl8eRazyhZuHebdo8
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:08:02 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

183.41.63.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.41.63.178.in-addr.arpa

IN PTR

Response

183.41.63.178.in-addr.arpa

IN PTR

static1834163178clientsyour-serverde
DNS

218.112.217.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.112.217.95.in-addr.arpa

IN PTR

Response

218.112.217.95.in-addr.arpa

IN PTR

tessa-c arbitrarych
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: tdi99Qsjapg25PkzXocVk90YSwbtHmkD
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:08:38 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

220.213.239.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

220.213.239.213.in-addr.arpa

IN PTR

Response

220.213.239.213.in-addr.arpa

IN PTR

static213-239-213-220clientsyour-serverde
DNS

134.65.135.147.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.65.135.147.in-addr.arpa

IN PTR

Response

134.65.135.147.in-addr.arpa

IN PTR

torazathothzip
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 6aN6ksFH18UsvNhHVXk55vWjy9Uz04ai
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:09:20 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 3lvX1fbQtjDAwzVOIPF4rlDjtYUSrUPC
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:09:57 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

253.14.7.81.in-addr.arpa

Remote address:

8.8.8.8:53

Request

253.14.7.81.in-addr.arpa

IN PTR

Response

253.14.7.81.in-addr.arpa

IN PTR

81-7-14-253icho
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: jeNvVJUbkdst6lAJQu6y3B3YgdcmM0jA
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:10:29 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

170.246.15.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.246.15.51.in-addr.arpa

IN PTR

Response

170.246.15.51.in-addr.arpa

IN PTR

mitsuhakatawaredokinet
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: MTWESvSTeAbQ0AWDgVwtKQvKuEPiS3nt
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:11:18 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

13.0.31.128.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.0.31.128.in-addr.arpa

IN PTR

Response

13.0.31.128.in-addr.arpa

IN PTR

tor-exitcsailmitedu
DNS

246.202.69.159.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.202.69.159.in-addr.arpa

IN PTR

Response

246.202.69.159.in-addr.arpa

IN PTR

aatebuelich
DNS

150.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.1.37.23.in-addr.arpa

IN PTR

Response

150.1.37.23.in-addr.arpa

IN PTR

a23-37-1-150deploystaticakamaitechnologiescom
DNS

79.121.231.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.121.231.20.in-addr.arpa

IN PTR

Response
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 0lA2vYvqXgqwN4Pcv6Ip6Bma9pheZcK8
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:12:09 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

176.35.216.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.35.216.95.in-addr.arpa

IN PTR

Response

176.35.216.95.in-addr.arpa

IN PTR

static1763521695clientsyour-serverde
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: AsDO8g57f9249fPmNeNUpG8d9ft16AlF
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:12:50 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

116.245.255.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.245.255.173.in-addr.arpa

IN PTR

Response

116.245.255.173.in-addr.arpa

IN PTR

dronemantridnet
DNS

143.17.89.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

143.17.89.51.in-addr.arpa

IN PTR

Response
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: xTtVqzNOdjvDxARTZUIDkXKjUUsIxEt0
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:13:24 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

13.94.21.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.94.21.65.in-addr.arpa

IN PTR

Response

13.94.21.65.in-addr.arpa

IN PTR

tor-relay zwiebeltoralfde
DNS

10.117.251.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.117.251.162.in-addr.arpa

IN PTR

Response

10.117.251.162.in-addr.arpa

IN PTR

10117251162vpshousexyz
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: N9ZQpEtzKKDOvavCAi4Kd63eXGyMAigh
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:15:06 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

140.70.2.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.70.2.5.in-addr.arpa

IN PTR

Response
DNS

7.40.141.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.40.141.23.in-addr.arpa

IN PTR

Response

7.40.141.23.in-addr.arpa

IN PTR

tor-exitusdontinterceptmebrocom
DNS

188.80.27.198.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.80.27.198.in-addr.arpa

IN PTR

Response

188.80.27.198.in-addr.arpa

IN PTR

ns501203ip-198-27-80net
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: dTMUG1Tq5T9QLQI8gbDL62Fyaq2gXov7
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:15:49 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

174.104.154.195.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.104.154.195.in-addr.arpa

IN PTR

Response

174.104.154.195.in-addr.arpa

IN PTR

195-154-104-174revponeytelecomeu
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: UveCKfwtqteIDnkTQ7ey916hwVhhZ9SH
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:16:24 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

249.174.120.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.174.120.37.in-addr.arpa

IN PTR

Response

249.174.120.37.in-addr.arpa

IN PTR

nobodyyourvservernet
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: NGaWk77jwels938wfncYJBc5qX1wGIsM
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:17:01 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

79.149.227.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.149.227.212.in-addr.arpa

IN PTR

Response
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: aDFzoaUoMyZi01ZE9Xkdew8GsEu3y6Dr
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:17:43 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

93.29.94.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.29.94.185.in-addr.arpa

IN PTR

Response
DNS

93.29.94.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.29.94.185.in-addr.arpa

IN PTR

Response
DNS

65.79.132.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.79.132.212.in-addr.arpa

IN PTR

Response

65.79.132.212.in-addr.arpa

IN PTR

ip212-132-79-65pbiaascom
DNS

65.79.132.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.79.132.212.in-addr.arpa

IN PTR

Response

65.79.132.212.in-addr.arpa

IN PTR

ip212-132-79-65pbiaascom
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: rWXXlN3fb7zGPLwgfvPd7PK3woxNrCSl
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:18:25 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

251.244.195.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

251.244.195.85.in-addr.arpa

IN PTR

Response

251.244.195.85.in-addr.arpa

IN PTR

85-195-244-251fiber7init7net
DNS

251.244.195.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

251.244.195.85.in-addr.arpa

IN PTR

Response

251.244.195.85.in-addr.arpa

IN PTR

85-195-244-251fiber7init7net
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: oh5y2gwIUijXQxkHxnuctjX3qgxpjcHE
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:19:02 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

212.16.217.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.16.217.95.in-addr.arpa

IN PTR

Response

212.16.217.95.in-addr.arpa

IN PTR

static2121621795clientsyour-serverde
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: kMdOqTIRtKypQ5YtkesbeaD3G5yo51ci
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:19:39 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

87.152.109.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.152.109.77.in-addr.arpa

IN PTR

Response

87.152.109.77.in-addr.arpa

IN PTR

77-109-152-87init7net
DNS

87.152.109.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.152.109.77.in-addr.arpa

IN PTR

Response

87.152.109.77.in-addr.arpa

IN PTR

77-109-152-87init7net
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: YypVXmahrtrzEaZaw0JqastA6Ow5v5kT
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:20:14 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: reFfKuLLtOtFDmMAU3yFAVGcgKA90SOI
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:20:58 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: v21oLM7YPgrwrdX3LlWZAimN8R2Zhw05
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:21:36 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

239.242.98.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.242.98.87.in-addr.arpa

IN PTR

Response
DNS

239.242.98.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

239.242.98.87.in-addr.arpa

IN PTR

Response
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: oqy7GLnOURyWItP17xUApsIl1TMnO4we
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:22:13 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: yjqUomkdRNM9ry2ojHcmFypNWCOWCwzw
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:23:13 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

165.112.70.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

165.112.70.193.in-addr.arpa

IN PTR

Response

165.112.70.193.in-addr.arpa

IN PTR

tor1pbinco
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: fcHOIQdKIH1sXlijLmTfROgCnHWqCwJO
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:23:45 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

3.155.96.198.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.155.96.198.in-addr.arpa

IN PTR

Response

3.155.96.198.in-addr.arpa

IN PTR

exittor uwaterlooca
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: YlOIKxExcOVxuTfJwoTVY7auXhYJjnpw
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:25:56 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 8R5UbRh5McwGw1Uy0Tm31f7ymYKfNjr4
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:26:25 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

208.96.254.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.96.254.51.in-addr.arpa

IN PTR

Response

208.96.254.51.in-addr.arpa

IN PTR

tor-relay1roflcat
DNS

117.163.105.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.163.105.23.in-addr.arpa

IN PTR

Response
DNS

117.163.105.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.163.105.23.in-addr.arpa

IN PTR

Response
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: i7GfMPhD6qtZS3J6X8abzD8WVQb2WBOi
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:26:55 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

188.40.188.131.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.40.188.131.in-addr.arpa

IN PTR

Response

188.40.188.131.in-addr.arpa

IN PTR

angmar informatikuni-erlangende
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: MA5S0iNbduwbZTYNdSuaZwJCl8YcMOJl
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:27:26 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 9mlZh18sbUpENUZ4pnppUEzJ6xWtDTRX
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:28:00 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

177.179.79.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.179.79.217.in-addr.arpa

IN PTR

Response
DNS

21.36.0.146.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.36.0.146.in-addr.arpa

IN PTR

Response

21.36.0.146.in-addr.arpa

IN PTR

f523fuchsiaservdiscount-customercom
DNS

21.36.0.146.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.36.0.146.in-addr.arpa

IN PTR

Response

21.36.0.146.in-addr.arpa

IN PTR

f523fuchsiaservdiscount-customercom
DNS

235.4.90.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.4.90.45.in-addr.arpa

IN PTR

Response

235.4.90.45.in-addr.arpa

IN PTR

tor-exit-node1ea7deadbeefde
DNS

235.4.90.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.4.90.45.in-addr.arpa

IN PTR

Response

235.4.90.45.in-addr.arpa

IN PTR

tor-exit-node1ea7deadbeefde
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: fcKdcAvDXMeqKAS5LncSq5LEpRcWh8ZG
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:28:30 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

22.168.80.45.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.168.80.45.in-addr.arpa

IN PTR

Response

22.168.80.45.in-addr.arpa

IN PTR

22-168-80-45 connectedbyfreedominternet
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: caO6MOADTNPchkb48SdJCTZweTeXLaFK
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:30:04 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

217.9.126.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.9.126.23.in-addr.arpa

IN PTR

Response

217.9.126.23.in-addr.arpa

IN PTR

23-126-9-217 lightspeedlsvlky sbcglobalne
DNS

217.9.126.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.9.126.23.in-addr.arpa

IN PTR

Response

217.9.126.23.in-addr.arpa

IN PTR

23-126-9-217 lightspeedlsvlky sbcglobalne
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: CG6IdsdLDbLvjIQCC6Rr92aUNKQt0WmT
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:30:34 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

170.102.160.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.102.160.192.in-addr.arpa

IN PTR

Response

170.102.160.192.in-addr.arpa

IN PTR

ogopogorelaycoldhakcom
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: wV9nyqiprLdNyx1lMnofScbSCmiRgnVp
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:31:07 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

192.254.212.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.254.212.173.in-addr.arpa

IN PTR

Response

192.254.212.173.in-addr.arpa

IN PTR

torgraefin
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 9mKn1lRHqYSiBtJwpoUcNv9L87c5hegP
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:32:46 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

232.62.129.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.62.129.212.in-addr.arpa

IN PTR

Response

232.62.129.212.in-addr.arpa

IN PTR

torrelay wardsbackorg
DNS

232.62.129.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.62.129.212.in-addr.arpa

IN PTR

Response

232.62.129.212.in-addr.arpa

IN PTR

torrelay wardsbackorg
GET

https://myexternalip.com/raw

75bff99becc32bcbe56efbe7a75f4d45.exe

Remote address:

34.117.118.44:443

Request

GET /raw HTTP/1.1
User-Agent: 6RNEo4JtjABzBV7Y7fS7fmqLY0dY341s
Host: myexternalip.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

server: fasthttp
date: Wed, 10 Apr 2024 12:33:22 GMT
content-type: text/plain; charset=utf-8
Content-Length: 14
access-control-allow-origin: *
via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

157.208.53.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.208.53.108.in-addr.arpa

IN PTR

Response

157.208.53.108.in-addr.arpa

IN PTR

static-108-53-208-157nwrknjfiosverizonnet
DNS

157.208.53.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.208.53.108.in-addr.arpa

IN PTR

Response

157.208.53.108.in-addr.arpa

IN PTR

static-108-53-208-157nwrknjfiosverizonnet

163.172.157.213:443

WinSock.exe

156 B
3
96.253.78.108:443

WinSock.exe

156 B
3
127.0.0.1:52225

WinSock.exe
193.70.43.76:9001

WinSock.exe

156 B
3
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
92.38.163.21:443

WinSock.exe

156 B
3
171.25.193.9:80

www.h6xxg6qsadwd.com

tls

WinSock.exe

50.8kB
771.0kB
518
565
15.204.140.9:8443

www.mlq7n5niv53owq3g.com

tls

WinSock.exe

614.9kB
7.2MB
4227
5331
185.148.3.29:9000

www.b3ctzafuhuclel3a5s4ktmb.com

tls

WinSock.exe

517.2kB
5.9MB
3763
4383
37.120.171.188:443

www.5txcrg.com

tls

WinSock.exe

4.3kB
8.2kB
16
16
15.204.140.9:8443

www.b2tm7k2at5yjqslcjxrcm3oi.com

tls

WinSock.exe

24.8kB
26.9kB
59
80
185.148.3.29:9000

www.yyyh7jmkl3.com

tls

WinSock.exe

11.4kB
13.5kB
32
38
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
127.0.0.1:52376

WinSock.exe
127.0.0.1:52415

WinSock.exe
213.32.104.213:9100

www.kdf7ekw7zi.com

tls

WinSock.exe

23.0kB
31.8kB
55
74
178.254.18.30:8080

www.xl4o4zk35.com

tls

WinSock.exe

17.2kB
21.2kB
43
58
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

955 B
4.1kB
12
9

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52487

WinSock.exe
127.0.0.1:52521

WinSock.exe
65.21.115.37:443

www.75q77b5eza4.com

tls

WinSock.exe

12.6kB
13.0kB
34
28
144.172.118.72:443

www.h5liubvnyynfp7yw727alpcm.com

tls

WinSock.exe

6.1kB
9.6kB
21
21
213.32.104.213:9100

www.ktrjhttoklssvsqwb4.com

tls

WinSock.exe

25.3kB
30.0kB
58
78
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52580

WinSock.exe
127.0.0.1:52611

WinSock.exe
94.16.120.204:443

www.yr567ehfxb7.com

tls

WinSock.exe

3.2kB
9.3kB
15
17
213.32.104.213:9100

www.rrba3giukj7466smo.com

tls

WinSock.exe

18.2kB
21.6kB
43
56
65.108.205.51:9001

www.nrw5gb4vssxub3lwvjcuujaf.com

tls

WinSock.exe

19.9kB
23.9kB
45
61
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52665

WinSock.exe
127.0.0.1:52692

WinSock.exe
185.220.101.48:20048

WinSock.exe

156 B
120 B
3
3
178.63.41.183:8000

www.hrf5psvhlwndjewo4uxj.com

tls

WinSock.exe

4.3kB
6.7kB
15
17
213.32.104.213:9100

www.vwabbzxnzyaguivtt.com

tls

WinSock.exe

15.3kB
21.4kB
38
50
95.217.112.218:443

www.waaiedg6yhe44eca72r.com

tls

WinSock.exe

17.6kB
21.7kB
41
58
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52747

WinSock.exe
127.0.0.1:52776

WinSock.exe
77.247.181.162:443

WinSock.exe

156 B
3
213.32.104.213:9100

www.rm37keqcedq3mwze.com

tls

WinSock.exe

20.0kB
23.9kB
48
59
213.239.213.220:8000

www.wtqhs6su56.com

tls

WinSock.exe

15.9kB
18.7kB
38
50
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
147.135.65.134:443

www.2uqgqfjy77.com

tls

WinSock.exe

2.5kB
4.9kB
10
10
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52833

WinSock.exe
127.0.0.1:52858

WinSock.exe
78.47.18.110:80

WinSock.exe

156 B
120 B
3
3
213.32.104.213:9100

www.iky6an3wkozps4d3hdiv3.com

tls

WinSock.exe

18.9kB
24.6kB
45
63
144.172.118.72:443

www.72sff42ses.com

tls

WinSock.exe

18.4kB
24.3kB
47
59
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52916

WinSock.exe
127.0.0.1:52940

WinSock.exe
81.7.14.253:443

www.kwfwc.com

tls

WinSock.exe

3.6kB
9.3kB
16
18
95.217.112.218:443

www.ftbtk7735gqqvqwwog4cslu35.com

tls

WinSock.exe

18.8kB
22.9kB
44
61
213.32.104.213:9100

www.fk4ekzoujia.com

tls

WinSock.exe

15.4kB
19.9kB
38
52
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:52986

WinSock.exe
127.0.0.1:53017

WinSock.exe
192.42.116.16:443

WinSock.exe

156 B
3
51.15.246.170:443

www.i3d7jeyof.com

tls

WinSock.exe

17.7kB
22.7kB
42
58
213.32.104.213:9100

www.whiqokwjxur3aotttlkykwxs.com

tls

WinSock.exe

15.9kB
20.4kB
38
53
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53085

WinSock.exe
127.0.0.1:53112

WinSock.exe
128.31.0.13:443

www.2az453tmofxe.com

tls

WinSock.exe

3.1kB
9.2kB
13
13
213.32.104.213:9100

www.cbn2de25l4t2zxzhk.com

tls

WinSock.exe

24.8kB
30.8kB
60
84
159.69.202.246:9001

www.gojdzq3pkbs.com

tls

WinSock.exe

13.0kB
16.2kB
32
40
52.142.223.178:80

46 B
1
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53185

WinSock.exe
127.0.0.1:53214

WinSock.exe
185.220.101.48:20048

WinSock.exe

156 B
120 B
3
3
213.32.104.213:9100

www.y5iygxtdygzvpknazp.com

tls

WinSock.exe

23.5kB
28.6kB
55
72
95.216.35.176:9001

www.jxmfxoe27jk.com

tls

WinSock.exe

10.7kB
14.6kB
29
39
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53274

WinSock.exe
127.0.0.1:53297

WinSock.exe
173.255.245.116:9001

www.yujdy4vd.com

tls

WinSock.exe

3.1kB
9.2kB
13
14
213.32.104.213:9100

www.apmocax4q5kpt6.com

tls

WinSock.exe

12.4kB
15.1kB
31
39
51.89.17.143:8080

www.jlbgb3iaf34mp3vh2fgyh52a.com

tls

WinSock.exe

21.7kB
25.6kB
49
65
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53351

WinSock.exe
127.0.0.1:53379

WinSock.exe
65.21.94.13:9001

www.zxjdo6cof.com

tls

WinSock.exe

3.1kB
9.1kB
12
12
162.251.117.10:443

www.ewhokemgfgz73kf5lppwnv.com

tls

WinSock.exe

15.0kB
18.9kB
40
53
213.32.104.213:9100

www.imo2htwstq.com

tls

WinSock.exe

7.9kB
9.8kB
24
27
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
127.0.0.1:53445

WinSock.exe
37.187.102.186:9001

WinSock.exe

156 B
3
127.0.0.1:53472

WinSock.exe
213.32.104.213:9100

www.xtxjq4ipipgx55422j.com

tls

WinSock.exe

13.8kB
18.6kB
37
47
95.217.112.218:443

www.bvfkqmzqdh3oxe.com

tls

WinSock.exe

19.3kB
25.6kB
44
63
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
5.2.70.140:443

www.bg7heebwxcif7.com

tls

WinSock.exe

1.4kB
208 B
10
4
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53529

WinSock.exe
127.0.0.1:53557

WinSock.exe
23.141.40.7:443

www.jwr5byp7ihgrworv6v.com

tls

WinSock.exe

3.1kB
9.1kB
12
12
213.32.104.213:9100

www.64nwrsoxokk6z.com

tls

WinSock.exe

21.2kB
26.5kB
51
70
198.27.80.188:443

www.kwf2orltvgueujcycki25.com

tls

WinSock.exe

13.6kB
15.8kB
33
43
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53613

WinSock.exe
127.0.0.1:53641

WinSock.exe
85.235.250.88:443

WinSock.exe

156 B
3
195.154.104.174:9001

www.gnau.com

tls

WinSock.exe

20.0kB
25.3kB
48
68
213.32.104.213:9100

www.7w27ufjqj.com

tls

WinSock.exe

13.7kB
18.5kB
36
45
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53692

WinSock.exe
127.0.0.1:53718

WinSock.exe
37.120.174.249:443

www.hmnvwtmmtkaw3v4i6vfw.com

tls

WinSock.exe

3.2kB
9.3kB
14
17
162.251.117.10:443

www.2kjhd.com

tls

WinSock.exe

11.2kB
12.8kB
28
36
213.32.104.213:9100

www.y2yqt3vrrp67a42i.com

tls

WinSock.exe

25.3kB
30.5kB
58
79
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53769

WinSock.exe
127.0.0.1:53800

WinSock.exe
163.172.139.104:443

WinSock.exe

156 B
3
213.32.104.213:9100

www.jzxkmjrrxpuf72pqzsw5gfg.com

tls

WinSock.exe

11.2kB
13.5kB
28
38
212.227.149.79:443

www.ltcbmpsgtqyuhzw7xzyupo.com

tls

WinSock.exe

25.3kB
30.4kB
59
76
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53855

WinSock.exe
127.0.0.1:53882

WinSock.exe
185.94.29.93:443

www.hjvvvm5kntlcgmjbepw76ta.com

tls

WinSock.exe

3.1kB
6.1kB
13
15
212.132.79.65:443

www.xufba4ng.com

tls

WinSock.exe

19.6kB
24.7kB
50
66
213.32.104.213:9100

www.6ogszgnsdqu6wxdjqz6pk2.com

tls

WinSock.exe

14.8kB
18.6kB
37
48
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:53942

WinSock.exe
127.0.0.1:53965

WinSock.exe
37.157.255.35:9090

WinSock.exe

156 B
3
213.32.104.213:9100

www.t6v7btg.com

tls

WinSock.exe

19.4kB
22.9kB
46
62
85.195.244.251:28123

www.zv5cec6pqh7oii7ycr.com

tls

WinSock.exe

15.9kB
20.9kB
38
52
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54018

WinSock.exe
127.0.0.1:54048

WinSock.exe
95.217.16.212:587

www.xezmikx3z5ldt.com

tls

WinSock.exe

3.3kB
8.0kB
16
18
213.32.104.213:9100

www.ycbfuwqsf3.com

tls

WinSock.exe

28.7kB
34.2kB
64
90
51.89.17.143:8080

www.a3cnon7hu6qshemhhwqd4l.com

tls

WinSock.exe

6.6kB
10.8kB
20
25
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
651 B
9
6

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54101

WinSock.exe
127.0.0.1:54130

WinSock.exe
62.141.38.69:443

WinSock.exe

156 B
3
77.109.152.87:143

www.jvyj.com

tls

WinSock.exe

12.1kB
17.7kB
36
46
213.32.104.213:9100

www.nlp7565cxodte.com

tls

WinSock.exe

24.1kB
30.0kB
55
79
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54176

WinSock.exe
127.0.0.1:54206

WinSock.exe
188.138.88.42:443

WinSock.exe

156 B
3
94.16.120.204:443

www.yfhev3shcaaqfacvmf6w.com

tls

WinSock.exe

17.7kB
21.7kB
43
60
213.32.104.213:9100

www.mmtueq.com

tls

WinSock.exe

16.5kB
18.8kB
39
51
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54259

WinSock.exe
127.0.0.1:54287

WinSock.exe
51.15.179.153:995

WinSock.exe

156 B
3
198.27.80.188:443

www.uc4q64m.com

tls

WinSock.exe

21.2kB
26.3kB
50
67
213.32.104.213:9100

www.dsqi5.com

tls

WinSock.exe

15.4kB
17.6kB
38
48
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54343

WinSock.exe
127.0.0.1:54369

WinSock.exe
185.96.88.29:443

WinSock.exe

156 B
3
213.32.104.213:9100

www.lapfpj43rk62y2.com

tls

WinSock.exe

23.0kB
27.4kB
54
69
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
87.98.242.239:443

www.lqf7s6ml5hokkdpv.com

tls

WinSock.exe

10.7kB
13.8kB
28
35
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54424

WinSock.exe
127.0.0.1:54452

WinSock.exe
136.243.214.137:443

WinSock.exe

156 B
3
65.21.115.37:443

www.grv77pja7dwhed2.com

tls

WinSock.exe

19.3kB
20.4kB
48
52
213.32.104.213:9100

www.xlzq6xq4w6q7gkc573.com

tls

WinSock.exe

18.2kB
23.2kB
42
57
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54530

WinSock.exe
127.0.0.1:54555

WinSock.exe
193.70.112.165:443

www.zezy.com

tls

WinSock.exe

3.1kB
9.1kB
12
13
213.32.104.213:9100

www.uc4f37w4s.com

tls

WinSock.exe

13.6kB
18.0kB
35
45
51.89.17.143:8080

www.tbmp.com

tls

WinSock.exe

20.7kB
26.2kB
50
64
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
651 B
9
6

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54605

WinSock.exe
127.0.0.1:54631

WinSock.exe
148.251.190.229:9010

WinSock.exe

156 B
3
5.2.70.140:443

www.qf67heeexavq5q64go.com

tls

WinSock.exe

3.7kB
8.2kB
20
11
213.32.104.213:9100

www.wcqeqcmrjkyr.com

tls

WinSock.exe

14.8kB
17.4kB
36
44
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
127.0.0.1:54695

WinSock.exe
127.0.0.1:54723

WinSock.exe
212.47.233.250:9001

WinSock.exe

156 B
3
213.32.104.213:9100

www.7p67sn7.com

tls

WinSock.exe

7.9kB
11.6kB
25
30
178.63.41.183:8000

www.l5x5ek45prlvu7nmxu.com

tls

WinSock.exe

16.6kB
21.1kB
43
56
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
127.0.0.1:54768

WinSock.exe
127.0.0.1:54796

WinSock.exe
198.96.155.3:5001

www.ofvjfqonz4usdf.com

tls

WinSock.exe

3.1kB
9.1kB
13
13
65.108.205.51:9001

www.gmml3yzznsn.com

tls

WinSock.exe

20.6kB
25.7kB
49
65
213.32.104.213:9100

www.7cgxj.com

tls

WinSock.exe

11.2kB
14.4kB
28
35
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54841

WinSock.exe
127.0.0.1:54867

WinSock.exe
37.252.187.111:443

WinSock.exe

156 B
3
213.32.104.213:9100

www.trnqnbiekbbg6aqninh.com

tls

WinSock.exe

24.6kB
29.8kB
55
76
185.94.29.93:443

www.kxymc3xlrrnzcvgn57jc2gf.com

tls

WinSock.exe

9.5kB
11.6kB
26
32
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54916

WinSock.exe
127.0.0.1:54943

WinSock.exe
51.254.96.208:9001

www.zrqdlg7ts4bdovl4s6io4.com

tls

WinSock.exe

801 B
3.7kB
8
8
213.32.104.213:9100

www.gme6ganbzbgqi5tzbn2.com

tls

WinSock.exe

21.2kB
26.3kB
51
65
23.105.163.117:443

www.fhnodh36qhdouml3xgwpbgd2.com

tls

WinSock.exe

12.6kB
16.8kB
35
41
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
651 B
9
6

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:54987

WinSock.exe
127.0.0.1:55015

WinSock.exe
131.188.40.188:11180

www.kjo64aodtmuez4pr34iikaebg.com

tls

WinSock.exe

3.1kB
9.1kB
12
13
213.32.104.213:9100

www.p2saizs.com

tls

WinSock.exe

12.5kB
15.5kB
32
35
77.109.152.87:143

www.i3wpi7kzvl53wjgrh.com

tls

WinSock.exe

20.9kB
31.0kB
55
72
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55061

WinSock.exe
127.0.0.1:55087

WinSock.exe
85.248.227.164:9002

WinSock.exe

156 B
3
77.109.152.87:143

www.365nxdljeh5d.com

tls

WinSock.exe

26.9kB
36.2kB
69
89
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
213.32.104.213:9100

www.oeeaboc7k2ajwz6wky6uxb36.com

tls

WinSock.exe

7.1kB
9.6kB
19
21
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55138

WinSock.exe
217.79.179.177:9001

www.3lya5yx7d3egkv24fmh.com

tls

WinSock.exe

3.1kB
9.1kB
12
12
127.0.0.1:55168

WinSock.exe
213.32.104.213:9100

www.uppnexvihu.com

tls

WinSock.exe

20.0kB
25.1kB
47
62
146.0.36.21:9006

www.naehvq3n5tyhpdtj4uy.com

tls

WinSock.exe

11.3kB
13.9kB
30
35
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
45.90.4.235:9001

www.b4nja3lhko.com

tls

WinSock.exe

3.0kB
4.9kB
10
11
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
651 B
9
6

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55215

WinSock.exe
127.0.0.1:55243

WinSock.exe
95.217.16.212:587

www.rxcocakuhc6wt66.com

tls

WinSock.exe

5.5kB
8.1kB
20
20
45.80.168.22:9001

www.owqpb5vb6gfdy3nijaz54vx.com

tls

WinSock.exe

19.5kB
23.4kB
48
60
213.32.104.213:9100

www.stiopoxluqi5suv325og.com

tls

WinSock.exe

16.7kB
17.8kB
43
51
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
127.0.0.1:55309

WinSock.exe
127.0.0.1:55335

WinSock.exe
62.210.254.132:443

WinSock.exe

156 B
3
213.32.104.213:9100

www.vsobgcccib7qv75mb3daw6ij.com

tls

WinSock.exe

17.7kB
22.1kB
44
53
198.27.80.188:443

www.ar757jxrnh7u3lp.com

tls

WinSock.exe

16.5kB
19.8kB
39
51
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55376

WinSock.exe
185.94.29.93:443

www.kr4v5ups6txvsib4.com

tls

WinSock.exe

3.0kB
5.9kB
10
10
127.0.0.1:55412

WinSock.exe
213.32.104.213:9100

www.cm4iqcbq2neh2k64er6v.com

tls

WinSock.exe

17.7kB
22.7kB
44
57
23.126.9.217:9001

www.nytjirzm7l.com

tls

WinSock.exe

15.3kB
20.3kB
37
52
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55455

WinSock.exe
127.0.0.1:55483

WinSock.exe
192.160.102.170:9001

www.dhw7czrdo3mri5dj3dc7q.com

tls

WinSock.exe

3.3kB
8.8kB
14
12
77.109.152.87:143

www.u2d6vdfirvo7lcpxlqjkj.com

tls

WinSock.exe

19.2kB
27.7kB
52
68
213.32.104.213:9100

www.bclqu7smkk4wzym57nh55c.com

tls

WinSock.exe

14.8kB
19.6kB
38
47
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55531

WinSock.exe
127.0.0.1:55559

WinSock.exe
173.212.254.192:31337

www.kkt2yfh5dk7rfdhx.com

tls

WinSock.exe

3.1kB
9.3kB
13
16
162.251.117.10:443

www.73mfaeqva.com

tls

WinSock.exe

9.1kB
11.7kB
27
32
213.32.104.213:9100

www.ozxn6x3ro5ldblpnfz7wuxm.com

tls

WinSock.exe

19.6kB
20.7kB
48
56
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
127.0.0.1:55633

WinSock.exe
185.100.84.212:443

WinSock.exe

156 B
3
127.0.0.1:55656

WinSock.exe
213.32.104.213:9100

www.f4bbl5m2leiawj4zscp2.com

tls

WinSock.exe

22.4kB
25.9kB
52
69
95.216.35.176:9001

www.s6ga4isgx42mw3o3.com

tls

WinSock.exe

18.8kB
22.7kB
44
57
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
651 B
9
6

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55713

WinSock.exe
127.0.0.1:55739

WinSock.exe
81.7.13.84:443

WinSock.exe

156 B
3
213.32.104.213:9100

www.c4gf5f5sybowio2i6.com

tls

WinSock.exe

8.4kB
12.4kB
24
26
212.129.62.232:443

www.wkr4p.com

tls

WinSock.exe

24.0kB
28.8kB
54
76
127.0.0.1:45808

75bff99becc32bcbe56efbe7a75f4d45.exe
34.117.118.44:443

https://myexternalip.com/raw

tls, http

75bff99becc32bcbe56efbe7a75f4d45.exe

1.0kB
691 B
9
7

HTTP Request

GET https://myexternalip.com/raw

HTTP Response

200
127.0.0.1:55802

WinSock.exe
108.53.208.157:443

www.j4a6d2p7cj2w5w7mdrnsmiey.com

tls

WinSock.exe

4.2kB
8.9kB
12
14
213.32.104.213:9100

www.7duvtcawrf3alw.com

tls

WinSock.exe

8.3kB
11.0kB
22
29

8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

9.193.25.171.in-addr.arpa

dns

71 B
101 B
1
1

DNS Request

9.193.25.171.in-addr.arpa
8.8.8.8:53

29.3.148.185.in-addr.arpa

dns

71 B
118 B
1
1

DNS Request

29.3.148.185.in-addr.arpa
8.8.8.8:53

9.140.204.15.in-addr.arpa

dns

71 B
111 B
1
1

DNS Request

9.140.204.15.in-addr.arpa
8.8.8.8:53

188.171.120.37.in-addr.arpa

dns

73 B
104 B
1
1

DNS Request

188.171.120.37.in-addr.arpa
8.8.8.8:53

136.71.105.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

136.71.105.51.in-addr.arpa
8.8.8.8:53

213.104.32.213.in-addr.arpa

dns

73 B
128 B
1
1

DNS Request

213.104.32.213.in-addr.arpa
8.8.8.8:53

30.18.254.178.in-addr.arpa

dns

72 B
100 B
1
1

DNS Request

30.18.254.178.in-addr.arpa
8.8.8.8:53

240.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

240.197.17.2.in-addr.arpa
8.8.8.8:53

myexternalip.com

dns

75bff99becc32bcbe56efbe7a75f4d45.exe

62 B
78 B
1
1

DNS Request

myexternalip.com

DNS Response

34.117.118.44
8.8.8.8:53

44.118.117.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

44.118.117.34.in-addr.arpa
8.8.8.8:53

11.97.55.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

11.97.55.23.in-addr.arpa
8.8.8.8:53

171.101.63.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

171.101.63.23.in-addr.arpa
8.8.8.8:53

37.115.21.65.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

37.115.21.65.in-addr.arpa
8.8.8.8:53

72.118.172.144.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

72.118.172.144.in-addr.arpa
8.8.8.8:53

204.120.16.94.in-addr.arpa

dns

72 B
107 B
1
1

DNS Request

204.120.16.94.in-addr.arpa
8.8.8.8:53

51.205.108.65.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

51.205.108.65.in-addr.arpa
8.8.8.8:53

183.41.63.178.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

183.41.63.178.in-addr.arpa
8.8.8.8:53

218.112.217.95.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

218.112.217.95.in-addr.arpa
8.8.8.8:53

220.213.239.213.in-addr.arpa

dns

74 B
133 B
1
1

DNS Request

220.213.239.213.in-addr.arpa
8.8.8.8:53

134.65.135.147.in-addr.arpa

dns

73 B
103 B
1
1

DNS Request

134.65.135.147.in-addr.arpa
8.8.8.8:53

253.14.7.81.in-addr.arpa

dns

70 B
100 B
1
1

DNS Request

253.14.7.81.in-addr.arpa
8.8.8.8:53

170.246.15.51.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

170.246.15.51.in-addr.arpa
8.8.8.8:53

13.0.31.128.in-addr.arpa

dns

70 B
106 B
1
1

DNS Request

13.0.31.128.in-addr.arpa
8.8.8.8:53

246.202.69.159.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

246.202.69.159.in-addr.arpa
8.8.8.8:53

150.1.37.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

150.1.37.23.in-addr.arpa
8.8.8.8:53

79.121.231.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

79.121.231.20.in-addr.arpa
8.8.8.8:53

176.35.216.95.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

176.35.216.95.in-addr.arpa
8.8.8.8:53

116.245.255.173.in-addr.arpa

dns

74 B
105 B
1
1

DNS Request

116.245.255.173.in-addr.arpa
8.8.8.8:53

143.17.89.51.in-addr.arpa

dns

71 B
126 B
1
1

DNS Request

143.17.89.51.in-addr.arpa
8.8.8.8:53

13.94.21.65.in-addr.arpa

dns

70 B
110 B
1
1

DNS Request

13.94.21.65.in-addr.arpa
8.8.8.8:53

10.117.251.162.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

10.117.251.162.in-addr.arpa
8.8.8.8:53

140.70.2.5.in-addr.arpa

dns

69 B
143 B
1
1

DNS Request

140.70.2.5.in-addr.arpa
8.8.8.8:53

7.40.141.23.in-addr.arpa

dns

70 B
118 B
1
1

DNS Request

7.40.141.23.in-addr.arpa
8.8.8.8:53

188.80.27.198.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

188.80.27.198.in-addr.arpa
8.8.8.8:53

174.104.154.195.in-addr.arpa

dns

74 B
123 B
1
1

DNS Request

174.104.154.195.in-addr.arpa
8.8.8.8:53

249.174.120.37.in-addr.arpa

dns

73 B
109 B
1
1

DNS Request

249.174.120.37.in-addr.arpa
8.8.8.8:53

79.149.227.212.in-addr.arpa

dns

73 B
138 B
1
1

DNS Request

79.149.227.212.in-addr.arpa
8.8.8.8:53

93.29.94.185.in-addr.arpa

dns

142 B
286 B
2
2

DNS Request

93.29.94.185.in-addr.arpa

DNS Request

93.29.94.185.in-addr.arpa
8.8.8.8:53

65.79.132.212.in-addr.arpa

dns

144 B
224 B
2
2

DNS Request

65.79.132.212.in-addr.arpa

DNS Request

65.79.132.212.in-addr.arpa
8.8.8.8:53

251.244.195.85.in-addr.arpa

dns

146 B
236 B
2
2

DNS Request

251.244.195.85.in-addr.arpa

DNS Request

251.244.195.85.in-addr.arpa
8.8.8.8:53

212.16.217.95.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

212.16.217.95.in-addr.arpa
8.8.8.8:53

87.152.109.77.in-addr.arpa

dns

144 B
218 B
2
2

DNS Request

87.152.109.77.in-addr.arpa

DNS Request

87.152.109.77.in-addr.arpa
8.8.8.8:53

239.242.98.87.in-addr.arpa

dns

144 B
248 B
2
2

DNS Request

239.242.98.87.in-addr.arpa

DNS Request

239.242.98.87.in-addr.arpa
8.8.8.8:53

165.112.70.193.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

165.112.70.193.in-addr.arpa
8.8.8.8:53

3.155.96.198.in-addr.arpa

dns

71 B
106 B
1
1

DNS Request

3.155.96.198.in-addr.arpa
8.8.8.8:53

208.96.254.51.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

208.96.254.51.in-addr.arpa
8.8.8.8:53

117.163.105.23.in-addr.arpa

dns

146 B
272 B
2
2

DNS Request

117.163.105.23.in-addr.arpa

DNS Request

117.163.105.23.in-addr.arpa
8.8.8.8:53

188.40.188.131.in-addr.arpa

dns

73 B
120 B
1
1

DNS Request

188.40.188.131.in-addr.arpa
8.8.8.8:53

177.179.79.217.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

177.179.79.217.in-addr.arpa
8.8.8.8:53

21.36.0.146.in-addr.arpa

dns

140 B
244 B
2
2

DNS Request

21.36.0.146.in-addr.arpa

DNS Request

21.36.0.146.in-addr.arpa
8.8.8.8:53

235.4.90.45.in-addr.arpa

dns

140 B
226 B
2
2

DNS Request

235.4.90.45.in-addr.arpa

DNS Request

235.4.90.45.in-addr.arpa
8.8.8.8:53

22.168.80.45.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

22.168.80.45.in-addr.arpa
8.8.8.8:53

217.9.126.23.in-addr.arpa

dns

142 B
256 B
2
2

DNS Request

217.9.126.23.in-addr.arpa

DNS Request

217.9.126.23.in-addr.arpa
8.8.8.8:53

170.102.160.192.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

170.102.160.192.in-addr.arpa
8.8.8.8:53

192.254.212.173.in-addr.arpa

dns

74 B
100 B
1
1

DNS Request

192.254.212.173.in-addr.arpa
8.8.8.8:53

232.62.129.212.in-addr.arpa

dns

146 B
220 B
2
2

DNS Request

232.62.129.212.in-addr.arpa

DNS Request

232.62.129.212.in-addr.arpa
8.8.8.8:53

157.208.53.108.in-addr.arpa

dns

146 B
264 B
2
2

DNS Request

157.208.53.108.in-addr.arpa

DNS Request

157.208.53.108.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\d4f7be4f\tor\WinSock.exe

Filesize
973KB

MD5
5cfe61ff895c7daa889708665ef05d7b

SHA1
5e58efe30406243fbd58d4968b0492ddeef145f2

SHA256
f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

SHA512
43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\cached-certs

Filesize
20KB

MD5
aa859e0b0f252cc78d8105d825cceec2

SHA1
4f3eb72b32832068fef492de7fdd11941e7ee01f

SHA256
a9fe3a813bd7c2c89877b40e7a6980709547e398051647a7b6531c5b45e3c197

SHA512
d60f05df4efe6e70b3a882c195e7cbd423967e74b9e13fe31c322ac053fd856fccb0930b6db3918ca08c833d09fa2373ec63e712ff6490cf345bff99f7fc6dc4

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\cached-microdesc-consensus.tmp

Filesize
2.6MB

MD5
6fcc4b924d58bbb8462b7ee1961c7977

SHA1
41e1e2d4561bb169144e7d1a08c6a7f3dc731c2d

SHA256
edbc99c46f9d6785d0cedf6fa6de99e6c7a20187a738e29d55258584db2660ed

SHA512
2d3539570f1a6024c291c25a3aed2f61668ec03aa614b92118380a60510fab72878539f0bc3d51e1c8ce20f3b26400c35cd714fcf146dd3288a8da861ee5a6fe

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\cached-microdescs

Filesize
20.3MB

MD5
a396a447b773d46b5900747fb2507391

SHA1
fa1322fe3ada821897a527fa59ad4b5747a28dc8

SHA256
d310c1dc486ae8227c6051c38a940d13ad868157922d134cc8aa6497446e936c

SHA512
681935ee696f1da70815a6227f4bab3b1116a96455707d54d957e0b32579bd103aaadf268469daa783d780a226ca7832aed4dc5079e991ffd2628e447f898f69

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\cached-microdescs.new

Filesize
6.9MB

MD5
cb8be35d074ea813beac1de6cd6e4434

SHA1
1e96dfaace812d320b1b158b8c492f8b10bf7046

SHA256
a0c22fbfb3e7fc38f5bcb76d268b24d13a2337d61cfbc0d1292a0bfdd6ebc701

SHA512
73db7fca735c7f64e7b92864dd337e22628a77a4508af44997f9d65ae42efe9a16e8c89ff711e4eb40bea6c1ce9f1ca03518f79391dcb2e5121cf1de7166abeb

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\cached-microdescs.new

Filesize
20.3MB

MD5
d89aa2bbf96ade28bf6c642e65288b60

SHA1
0ecffee96324f72759f24ebc0e78c6c6e0b34ac6

SHA256
0639911054f0d025041b237046930593decb16ea30abe769d512a1546ac33453

SHA512
dc47a56b74a47c1b92ca439c6003c5b79b7410393126c1ba18062edec0200e601a0f39b10afee2a949c10e8677bd7bfd4ae89195b12367454c90ae34654289e3

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\state

Filesize
232B

MD5
0b4f1914db9470e7d22b11e8c5978d2b

SHA1
71d8a9e811f543eb2aaed843333a95b61e4374c8

SHA256
cfce3dea2cf2e626a8ff92b98206c625205521ea6f01def068445b7f7b60a502

SHA512
2b7ac687318852f670e86c67c112a4215abd8ff882668d7d2f5af704f9af934e11195539825ada11dc9ec1472312a034366945d1e81cd4d7f24439aa15e97e4a

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\data\state

Filesize
3KB

MD5
82a32637e1d7fce04f2042a014f94f7b

SHA1
4113a1ef1b65dea06f68547a3a2756fa36ed4bc9

SHA256
de76684b7974fd10b0d1ad6c7f90076d466298b42d79e9ac0e878977a35542ff

SHA512
3121a958208844b51191a8b25b6a7af88030f8e3d623c97ef66278602442d506f10c895a60924d8daf675e309e3461ef7204524175e2552d74cbb37a5011affa

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\libcrypto-1_1.dll

Filesize
1.7MB

MD5
2384a02c4a1f7ec481adde3a020607d3

SHA1
7e848d35a10bf9296c8fa41956a3daa777f86365

SHA256
c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

SHA512
1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\libssp-0.dll

Filesize
88KB

MD5
2c916456f503075f746c6ea649cf9539

SHA1
fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

SHA256
cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

SHA512
1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\libwinpthread-1.dll

Filesize
188KB

MD5
d407cc6d79a08039a6f4b50539e560b8

SHA1
21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

SHA256
92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

SHA512
378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

Download Submit
C:\Users\Admin\AppData\Local\d4f7be4f\tor\torrc

Filesize
157B

MD5
68afdef35a6105c2b148649bd05901b0

SHA1
828a2b590a95c2a411cc1b0004207747f2571024

SHA256
4e4e4e7f9fb03bcb898ce4f6075e3082d3a341d9fff1955ddf45089f83565622

SHA512
f198da05ec57c8525e6643f7f2c212701d0ab641d2850a28ce4cea7c33ac7b5c75782273bf7f01f95ccf02e27adf7c237ed116c5b0f220c13e70fe0aa7cfc671

Download Submit
\Users\Admin\AppData\Local\d4f7be4f\tor\libevent-2-1-6.dll

Filesize
366KB

MD5
099983c13bade9554a3c17484e5481f1

SHA1
a84e69ad9722f999252d59d0ed9a99901a60e564

SHA256
b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

SHA512
89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

Download Submit
\Users\Admin\AppData\Local\d4f7be4f\tor\libgcc_s_sjlj-1.dll

Filesize
286KB

MD5
b0d98f7157d972190fe0759d4368d320

SHA1
5715a533621a2b642aad9616e603c6907d80efc4

SHA256
2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

SHA512
41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

Download Submit
\Users\Admin\AppData\Local\d4f7be4f\tor\libssl-1_1.dll

Filesize
439KB

MD5
c88826ac4bb879622e43ead5bdb95aeb

SHA1
87d29853649a86f0463bfd9ad887b85eedc21723

SHA256
c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

SHA512
f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

Download Submit
\Users\Admin\AppData\Local\d4f7be4f\tor\zlib1.dll

Filesize
52KB

MD5
add33041af894b67fe34e1dc819b7eb6

SHA1
6db46eb021855a587c95479422adcc774a272eeb

SHA256
8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

SHA512
bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

Download Submit
memory/712-2468-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/712-2483-0x0000000073490000-0x000000007355E000-memory.dmp

Filesize
824KB

Download
memory/712-2481-0x0000000073560000-0x0000000073628000-memory.dmp

Filesize
800KB

Download
memory/712-2479-0x0000000001A80000-0x0000000001B08000-memory.dmp

Filesize
544KB

Download
memory/712-2478-0x0000000073270000-0x00000000732F8000-memory.dmp

Filesize
544KB

Download
memory/712-2500-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/712-2482-0x0000000073460000-0x0000000073484000-memory.dmp

Filesize
144KB

Download
memory/712-2480-0x0000000072FA0000-0x000000007326F000-memory.dmp

Filesize
2.8MB

Download
memory/712-2474-0x0000000073300000-0x000000007340A000-memory.dmp

Filesize
1.0MB

Download
memory/712-2472-0x0000000073410000-0x0000000073459000-memory.dmp

Filesize
292KB

Download
memory/712-2501-0x0000000073410000-0x0000000073459000-memory.dmp

Filesize
292KB

Download
memory/712-2510-0x0000000073300000-0x000000007340A000-memory.dmp

Filesize
1.0MB

Download
memory/712-2511-0x0000000001A80000-0x0000000001B08000-memory.dmp

Filesize
544KB

Download
memory/712-2611-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/1480-2627-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/1480-2613-0x0000000073460000-0x0000000073484000-memory.dmp

Filesize
144KB

Download
memory/1480-2603-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/1480-2605-0x0000000072FA0000-0x000000007326F000-memory.dmp

Filesize
2.8MB

Download
memory/1480-2607-0x0000000073560000-0x0000000073628000-memory.dmp

Filesize
800KB

Download
memory/1480-2610-0x0000000073410000-0x0000000073459000-memory.dmp

Filesize
292KB

Download
memory/1480-2618-0x0000000073270000-0x00000000732F8000-memory.dmp

Filesize
544KB

Download
memory/1480-2616-0x0000000073300000-0x000000007340A000-memory.dmp

Filesize
1.0MB

Download
memory/1480-2609-0x0000000073490000-0x000000007355E000-memory.dmp

Filesize
824KB

Download
memory/1480-2625-0x0000000073410000-0x0000000073459000-memory.dmp

Filesize
292KB

Download
memory/1480-2626-0x0000000073460000-0x0000000073484000-memory.dmp

Filesize
144KB

Download
memory/1480-2624-0x0000000073490000-0x000000007355E000-memory.dmp

Filesize
824KB

Download
memory/1480-2629-0x0000000073560000-0x0000000073628000-memory.dmp

Filesize
800KB

Download
memory/1480-2628-0x0000000072FA0000-0x000000007326F000-memory.dmp

Filesize
2.8MB

Download
memory/2936-2706-0x0000000073FA0000-0x0000000073FC4000-memory.dmp

Filesize
144KB

Download
memory/2936-2713-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/2936-2724-0x00000000733C0000-0x000000007348E000-memory.dmp

Filesize
824KB

Download
memory/2936-2701-0x0000000073730000-0x00000000737F8000-memory.dmp

Filesize
800KB

Download
memory/2936-2702-0x00000000733C0000-0x000000007348E000-memory.dmp

Filesize
824KB

Download
memory/2936-2704-0x0000000073FD0000-0x0000000074019000-memory.dmp

Filesize
292KB

Download
memory/2936-2723-0x0000000073730000-0x00000000737F8000-memory.dmp

Filesize
800KB

Download
memory/2936-2712-0x0000000073490000-0x0000000073518000-memory.dmp

Filesize
544KB

Download
memory/2936-2708-0x0000000073520000-0x000000007362A000-memory.dmp

Filesize
1.0MB

Download
memory/4540-2443-0x0000000073FE0000-0x000000007401A000-memory.dmp

Filesize
232KB

Download
memory/4540-2490-0x0000000072CD0000-0x0000000072D0A000-memory.dmp

Filesize
232KB

Download
memory/4540-2441-0x0000000000400000-0x0000000000BD8000-memory.dmp

Filesize
7.8MB

Download
memory/4540-2667-0x0000000073170000-0x00000000731AA000-memory.dmp

Filesize
232KB

Download
memory/4540-2556-0x00000000738E0000-0x000000007391A000-memory.dmp

Filesize
232KB

Download
memory/4540-2499-0x0000000000400000-0x0000000000BD8000-memory.dmp

Filesize
7.8MB

Download
memory/4564-2645-0x0000000073490000-0x0000000073518000-memory.dmp

Filesize
544KB

Download
memory/4564-2643-0x0000000073FD0000-0x0000000074019000-memory.dmp

Filesize
292KB

Download
memory/4564-2715-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/4564-2678-0x0000000073730000-0x00000000737F8000-memory.dmp

Filesize
800KB

Download
memory/4564-2669-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/4564-2668-0x00000000010D0000-0x00000000014D4000-memory.dmp

Filesize
4.0MB

Download
memory/4564-2648-0x0000000073FA0000-0x0000000073FC4000-memory.dmp

Filesize
144KB

Download
memory/4564-2651-0x00000000733C0000-0x000000007348E000-memory.dmp

Filesize
824KB

Download
memory/4564-2644-0x0000000073520000-0x000000007362A000-memory.dmp

Filesize
1.0MB

Download
memory/4564-2640-0x0000000073800000-0x0000000073ACF000-memory.dmp

Filesize
2.8MB

Download
memory/4564-2642-0x0000000073730000-0x00000000737F8000-memory.dmp

Filesize
800KB

Download
memory/4724-30-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-52-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-28-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-20-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-32-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-34-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-6-0x0000000073BF0000-0x00000000742DE000-memory.dmp

Filesize
6.9MB

Download
memory/4724-36-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-38-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-40-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-42-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-44-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-46-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-48-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-0-0x0000000073BF0000-0x00000000742DE000-memory.dmp

Filesize
6.9MB

Download
memory/4724-50-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-2440-0x0000000073BF0000-0x00000000742DE000-memory.dmp

Filesize
6.9MB

Download
memory/4724-7-0x0000000008010000-0x0000000008530000-memory.dmp

Filesize
5.1MB

Download
memory/4724-8-0x00000000050E0000-0x0000000005162000-memory.dmp

Filesize
520KB

Download
memory/4724-9-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-10-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-26-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-5-0x00000000056C0000-0x00000000056CA000-memory.dmp

Filesize
40KB

Download
memory/4724-12-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-4-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/4724-14-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-3-0x00000000056E0000-0x0000000005772000-memory.dmp

Filesize
584KB

Download
memory/4724-72-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-24-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-22-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-16-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-70-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-68-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-66-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-64-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-62-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-60-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-58-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-18-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-56-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-54-0x00000000050E0000-0x000000000515C000-memory.dmp

Filesize
496KB

Download
memory/4724-2-0x0000000005BE0000-0x00000000060DE000-memory.dmp

Filesize
5.0MB

Download
memory/4724-1-0x0000000000630000-0x0000000000D38000-memory.dmp

Filesize
7.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request