Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2024-07-05...uk.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2024, 15:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe

  • Size

    4.6MB

  • MD5

    35c7960e47fc63bdb17014366337a8be

  • SHA1

    9af4400f7252d9604dc299f472ee047ba67eb03b

  • SHA256

    7245cc9dc4806f39733d3b72f0fac6544f44917866d8c20ff7b566b50fe842d9

  • SHA512

    fb43cf44fc33d0715095a713d02e9a4377c7b1ae20d7db6c09784672f97838ef17cf121e70b381c846ded9c6bc1c88038f461fd6b80f6afdc67aa465c32a5f8e

  • SSDEEP

    49152:PndPjazwYcCOlBWD9rqGZi0iIGTHI6DOnIIeNxu6xl1aZt6m5xbzDI6bpsRJrAG9:n2D8siFIIm3Gob5iERnKkT

Score
7/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 26 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Users\Admin\AppData\Local\Temp\2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
      C:\Users\Admin\AppData\Local\Temp\2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=124.0.6367.202 --initial-client-data=0x2bc,0x2c0,0x2c4,0x290,0x2c8,0x1403796b8,0x1403796c4,0x1403796d0
      2⤵
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2520
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2476
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7fff6e78ab58,0x7fff6e78ab68,0x7fff6e78ab78
        3⤵
          PID:3804
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:2
          3⤵
            PID:948
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:8
            3⤵
              PID:4068
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:8
              3⤵
                PID:2936
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:1
                3⤵
                  PID:2380
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:1
                  3⤵
                    PID:1816
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:1
                    3⤵
                      PID:2404
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:8
                      3⤵
                        PID:5388
                      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
                        3⤵
                        • Executes dropped EXE
                        PID:5416
                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x14044ae48,0x14044ae58,0x14044ae68
                          4⤵
                          • Executes dropped EXE
                          PID:5608
                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
                          4⤵
                          • Executes dropped EXE
                          • Modifies registry class
                          • Suspicious use of FindShellTrayWindow
                          PID:5760
                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x29c,0x294,0x298,0x290,0x2a0,0x14044ae48,0x14044ae58,0x14044ae68
                            5⤵
                            • Executes dropped EXE
                            PID:5828
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:8
                        3⤵
                          PID:5472
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:8
                          3⤵
                            PID:5636
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2404 --field-trial-handle=1912,i,14796425573306024338,6010807954286243725,131072 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5308
                      • C:\Windows\System32\alg.exe
                        C:\Windows\System32\alg.exe
                        1⤵
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • Drops file in Program Files directory
                        • Drops file in Windows directory
                        PID:2464
                      • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                        C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                        1⤵
                        • Executes dropped EXE
                        PID:4524
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
                        1⤵
                          PID:2956
                        • C:\Windows\system32\fxssvc.exe
                          C:\Windows\system32\fxssvc.exe
                          1⤵
                          • Executes dropped EXE
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1364
                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                          1⤵
                          • Executes dropped EXE
                          PID:3864
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
                          1⤵
                          • Executes dropped EXE
                          PID:4384
                        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                          "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                          1⤵
                          • Executes dropped EXE
                          PID:4148
                        • C:\Windows\System32\msdtc.exe
                          C:\Windows\System32\msdtc.exe
                          1⤵
                          • Executes dropped EXE
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          PID:2772
                        • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                          "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
                          1⤵
                          • Executes dropped EXE
                          PID:4120
                        • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                          C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                          1⤵
                          • Executes dropped EXE
                          PID:3792
                        • C:\Windows\SysWow64\perfhost.exe
                          C:\Windows\SysWow64\perfhost.exe
                          1⤵
                          • Executes dropped EXE
                          PID:536
                        • C:\Windows\system32\locator.exe
                          C:\Windows\system32\locator.exe
                          1⤵
                          • Executes dropped EXE
                          PID:4624
                        • C:\Windows\System32\SensorDataService.exe
                          C:\Windows\System32\SensorDataService.exe
                          1⤵
                          • Executes dropped EXE
                          • Checks SCSI registry key(s)
                          PID:1152
                        • C:\Windows\System32\snmptrap.exe
                          C:\Windows\System32\snmptrap.exe
                          1⤵
                          • Executes dropped EXE
                          PID:984
                        • C:\Windows\system32\spectrum.exe
                          C:\Windows\system32\spectrum.exe
                          1⤵
                          • Executes dropped EXE
                          • Checks SCSI registry key(s)
                          PID:3356
                        • C:\Windows\System32\OpenSSH\ssh-agent.exe
                          C:\Windows\System32\OpenSSH\ssh-agent.exe
                          1⤵
                          • Executes dropped EXE
                          PID:2860
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
                          1⤵
                            PID:792
                          • C:\Windows\system32\TieringEngineService.exe
                            C:\Windows\system32\TieringEngineService.exe
                            1⤵
                            • Executes dropped EXE
                            • Checks processor information in registry
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3992
                          • C:\Windows\system32\AgentService.exe
                            C:\Windows\system32\AgentService.exe
                            1⤵
                            • Executes dropped EXE
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4512
                          • C:\Windows\System32\vds.exe
                            C:\Windows\System32\vds.exe
                            1⤵
                            • Executes dropped EXE
                            PID:2480
                          • C:\Windows\system32\vssvc.exe
                            C:\Windows\system32\vssvc.exe
                            1⤵
                            • Executes dropped EXE
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4220
                          • C:\Windows\system32\wbengine.exe
                            "C:\Windows\system32\wbengine.exe"
                            1⤵
                            • Executes dropped EXE
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3044
                          • C:\Windows\system32\wbem\WmiApSrv.exe
                            C:\Windows\system32\wbem\WmiApSrv.exe
                            1⤵
                            • Executes dropped EXE
                            PID:1888
                          • C:\Windows\system32\SearchIndexer.exe
                            C:\Windows\system32\SearchIndexer.exe /Embedding
                            1⤵
                            • Executes dropped EXE
                            • Modifies data under HKEY_USERS
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4864
                            • C:\Windows\system32\SearchProtocolHost.exe
                              "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
                              2⤵
                              • Modifies data under HKEY_USERS
                              PID:784
                            • C:\Windows\system32\SearchFilterHost.exe
                              "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
                              2⤵
                              • Modifies data under HKEY_USERS
                              PID:5188

                          Network

                          • flag-us
                            DNS
                            pywolwnvd.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pywolwnvd.biz
                            IN A
                            Response
                            pywolwnvd.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://pywolwnvd.biz/pwcupven
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /pwcupven HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pywolwnvd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:46 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1e0b5c0fe6a9d9e982d33e64c07c3973|194.110.13.70|1720193386|1720193386|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://pywolwnvd.biz/edarhcu
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /edarhcu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pywolwnvd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:46 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=5b69e96be1c9de644480b8be3a25aecf|194.110.13.70|1720193386|1720193386|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ssbzmoy.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ssbzmoy.biz
                            IN A
                            Response
                            ssbzmoy.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://ssbzmoy.biz/kyetrbgeagurx
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /kyetrbgeagurx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ssbzmoy.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:47 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=2d4c29e54f791a1555805a625cd237e1|194.110.13.70|1720193387|1720193387|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-sg
                            POST
                            http://ssbzmoy.biz/kyetrbgeagurx
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /kyetrbgeagurx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ssbzmoy.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:47 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=a1e504a3e9ac8576b40c520409b386f1|194.110.13.70|1720193387|1720193387|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            177.188.244.54.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            177.188.244.54.in-addr.arpa
                            IN PTR
                            Response
                            177.188.244.54.in-addr.arpa
                            IN PTR
                            ec2-54-244-188-177 us-west-2compute amazonawscom
                          • flag-us
                            DNS
                            107.10.141.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            107.10.141.18.in-addr.arpa
                            IN PTR
                            Response
                            107.10.141.18.in-addr.arpa
                            IN PTR
                            ec2-18-141-10-107ap-southeast-1compute amazonawscom
                          • flag-us
                            DNS
                            cvgrf.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            cvgrf.biz
                            IN A
                            Response
                            cvgrf.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://cvgrf.biz/vlxfhnbntiob
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /vlxfhnbntiob HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: cvgrf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:48 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=3ff8f58ac9166de96df57eaea4e9a6f4|194.110.13.70|1720193388|1720193388|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://cvgrf.biz/ksvirtyilbd
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /ksvirtyilbd HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: cvgrf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:48 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=78cc28d04ba9d40cb790a09195579674|194.110.13.70|1720193388|1720193388|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            www.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            142.250.180.4
                          • flag-gb
                            GET
                            https://www.google.com/async/ddljson?async=ntp:2
                            chrome.exe
                            Remote address:
                            142.250.180.4:443
                            Request
                            GET /async/ddljson?async=ntp:2 HTTP/2.0
                            host: www.google.com
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 429
                            date: Fri, 05 Jul 2024 15:29:48 GMT
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            cache-control: no-store, no-cache, must-revalidate
                            content-type: text/html
                            server: HTTP server (unknown)
                            content-length: 3130
                            content-type: text/html
                            content-length: 3130
                          • flag-gb
                            GET
                            https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                            chrome.exe
                            Remote address:
                            142.250.180.4:443
                            Request
                            GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
                            host: www.google.com
                            x-client-data: COyFywE=
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            GET
                            https://www.google.com/async/newtab_promos
                            chrome.exe
                            Remote address:
                            142.250.180.4:443
                            Request
                            GET /async/newtab_promos HTTP/2.0
                            host: www.google.com
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            GET
                            https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgTCbg1GGOyioLQGIjA3CPMPZA7DyiZoclPK8I9u9oix21UBsXfAA9gDpfcRTV5A1zKqKjbCTG5b4rOhrjEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                            chrome.exe
                            Remote address:
                            142.250.180.4:443
                            Request
                            GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgTCbg1GGOyioLQGIjA3CPMPZA7DyiZoclPK8I9u9oix21UBsXfAA9gDpfcRTV5A1zKqKjbCTG5b4rOhrjEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
                            host: www.google.com
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            3.178.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            3.178.250.142.in-addr.arpa
                            IN PTR
                            Response
                            3.178.250.142.in-addr.arpa
                            IN PTR
                            lhr48s27-in-f31e100net
                          • flag-us
                            DNS
                            10.178.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            10.178.250.142.in-addr.arpa
                            IN PTR
                            Response
                            10.178.250.142.in-addr.arpa
                            IN PTR
                            lhr48s27-in-f101e100net
                          • flag-us
                            DNS
                            npukfztj.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            npukfztj.biz
                            IN A
                            Response
                            npukfztj.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://npukfztj.biz/acsvky
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /acsvky HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: npukfztj.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:49 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=85614250833c4c53b531f86fc27f9d92|194.110.13.70|1720193389|1720193389|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://npukfztj.biz/lvuasys
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /lvuasys HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: npukfztj.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:49 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4c7b0675269ab7a2cbdee6fa8d75df9a|194.110.13.70|1720193389|1720193389|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            przvgke.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            przvgke.biz
                            IN A
                            Response
                            przvgke.biz
                            IN A
                            172.234.222.138
                            przvgke.biz
                            IN A
                            172.234.222.143
                          • flag-us
                            POST
                            http://przvgke.biz/beweb
                            alg.exe
                            Remote address:
                            172.234.222.138:80
                            Request
                            POST /beweb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: przvgke.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                          • flag-us
                            POST
                            http://przvgke.biz/beweb
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            172.234.222.138:80
                            Request
                            POST /beweb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: przvgke.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                          • flag-us
                            DNS
                            105.84.221.44.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            105.84.221.44.in-addr.arpa
                            IN PTR
                            Response
                            105.84.221.44.in-addr.arpa
                            IN PTR
                            ec2-44-221-84-105 compute-1 amazonawscom
                          • flag-us
                            POST
                            http://przvgke.biz/apenytelcdylsilg
                            alg.exe
                            Remote address:
                            172.234.222.138:80
                            Request
                            POST /apenytelcdylsilg HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: przvgke.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                          • flag-us
                            POST
                            http://przvgke.biz/jfbgq
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            172.234.222.138:80
                            Request
                            POST /jfbgq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: przvgke.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                          • flag-us
                            DNS
                            zlenh.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zlenh.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            knjghuig.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            knjghuig.biz
                            IN A
                            Response
                            knjghuig.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://knjghuig.biz/nheenpufm
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /nheenpufm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: knjghuig.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:50 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=120d9963532464f3ea653f5550cc84be|194.110.13.70|1720193390|1720193390|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-sg
                            POST
                            http://knjghuig.biz/nheenpufm
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /nheenpufm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: knjghuig.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:29:50 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=2f5e385d54d454c9eb9694e4e77ec910|194.110.13.70|1720193390|1720193390|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            138.222.234.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            138.222.234.172.in-addr.arpa
                            IN PTR
                            Response
                            138.222.234.172.in-addr.arpa
                            IN PTR
                            172-234-222-138iplinodeusercontentcom
                          • flag-us
                            DNS
                            uhxqin.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            uhxqin.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            anpmnmxo.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            anpmnmxo.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            lpuegx.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            lpuegx.biz
                            IN A
                            Response
                            lpuegx.biz
                            IN A
                            82.112.184.197
                          • flag-us
                            DNS
                            clients2.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            clients2.google.com
                            IN A
                            Response
                            clients2.google.com
                            IN CNAME
                            clients.l.google.com
                            clients.l.google.com
                            IN A
                            172.217.16.238
                          • flag-us
                            DNS
                            238.16.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            Response
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            lhr48s28-in-f141e100net
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            mad08s04-in-f14�I
                          • flag-us
                            DNS
                            76.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            76.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            88.156.103.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            88.156.103.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            26.165.165.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            26.165.165.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            206.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            192.142.123.92.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            192.142.123.92.in-addr.arpa
                            IN PTR
                            Response
                            192.142.123.92.in-addr.arpa
                            IN PTR
                            a92-123-142-192deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            vjaxhpbji.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vjaxhpbji.biz
                            IN A
                            Response
                            vjaxhpbji.biz
                            IN A
                            82.112.184.197
                          • flag-us
                            DNS
                            240.221.184.93.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            240.221.184.93.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            xlfhhhm.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            xlfhhhm.biz
                            IN A
                            Response
                            xlfhhhm.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://xlfhhhm.biz/okcbrdumwerreqw
                            alg.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /okcbrdumwerreqw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: xlfhhhm.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:16 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=99dc3a5c1828e7068d368d1616ac045e|194.110.13.70|1720193476|1720193476|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            xlfhhhm.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            xlfhhhm.biz
                            IN A
                            Response
                            xlfhhhm.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://xlfhhhm.biz/vjomwfsosrdvpa
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /vjomwfsosrdvpa HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: xlfhhhm.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:16 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=cdafffd7af42462cbda0c91fda06c725|194.110.13.70|1720193476|1720193476|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ifsaia.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ifsaia.biz
                            IN A
                            Response
                            ifsaia.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://ifsaia.biz/hntrsioqgac
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /hntrsioqgac HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ifsaia.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:17 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=5d6734c06030d9e390562f3a6b8a8ce6|194.110.13.70|1720193477|1720193477|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ifsaia.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ifsaia.biz
                            IN A
                            Response
                            ifsaia.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://ifsaia.biz/pmodxdmscg
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /pmodxdmscg HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ifsaia.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:17 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=060648c0451d2bdc9a44aa009aef3daa|194.110.13.70|1720193477|1720193477|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            saytjshyf.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            saytjshyf.biz
                            IN A
                            Response
                            saytjshyf.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://saytjshyf.biz/gfoedbghkpm
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /gfoedbghkpm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: saytjshyf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:18 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=407367532bb46f41d173f95d30365bb9|194.110.13.70|1720193478|1720193478|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            saytjshyf.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            saytjshyf.biz
                            IN A
                            Response
                            saytjshyf.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://saytjshyf.biz/xwlxj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /xwlxj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: saytjshyf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:18 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=ab57fa6ec67baae7eb3c251bfa9c3341|194.110.13.70|1720193478|1720193478|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            vcddkls.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vcddkls.biz
                            IN A
                            Response
                            vcddkls.biz
                            IN A
                            18.141.10.107
                          • flag-us
                            DNS
                            212.31.129.47.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            212.31.129.47.in-addr.arpa
                            IN PTR
                            Response
                            212.31.129.47.in-addr.arpa
                            IN PTR
                            ec2-47-129-31-212ap-southeast-1compute amazonawscom
                          • flag-sg
                            POST
                            http://vcddkls.biz/mxtqm
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /mxtqm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: vcddkls.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:18 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=83a95b7a14f2ae247dce7230970a5d95|194.110.13.70|1720193478|1720193478|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            vcddkls.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vcddkls.biz
                            IN A
                            Response
                            vcddkls.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://vcddkls.biz/kpqcajpkkdaggvm
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /kpqcajpkkdaggvm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: vcddkls.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:18 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4af4979f8a6cacbcc8ea3a8375ee1c8e|194.110.13.70|1720193478|1720193478|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            fwiwk.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            fwiwk.biz
                            IN A
                            Response
                            fwiwk.biz
                            IN A
                            172.234.222.143
                            fwiwk.biz
                            IN A
                            172.234.222.138
                          • flag-us
                            DNS
                            150.16.251.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            150.16.251.13.in-addr.arpa
                            IN PTR
                            Response
                            150.16.251.13.in-addr.arpa
                            IN PTR
                            ec2-13-251-16-150ap-southeast-1compute amazonawscom
                          • flag-us
                            POST
                            http://fwiwk.biz/rstknsboieu
                            alg.exe
                            Remote address:
                            172.234.222.143:80
                            Request
                            POST /rstknsboieu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: fwiwk.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                          • flag-us
                            DNS
                            fwiwk.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            fwiwk.biz
                            IN A
                            Response
                            fwiwk.biz
                            IN A
                            172.234.222.138
                            fwiwk.biz
                            IN A
                            172.234.222.143
                          • flag-us
                            POST
                            http://fwiwk.biz/syowluaqlk
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            172.234.222.138:80
                            Request
                            POST /syowluaqlk HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: fwiwk.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                          • flag-us
                            POST
                            http://fwiwk.biz/n
                            alg.exe
                            Remote address:
                            172.234.222.143:80
                            Request
                            POST /n HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: fwiwk.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                          • flag-us
                            POST
                            http://fwiwk.biz/djufuhcmakwixlp
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            172.234.222.138:80
                            Request
                            POST /djufuhcmakwixlp HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: fwiwk.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                          • flag-us
                            DNS
                            tbjrpv.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tbjrpv.biz
                            IN A
                            Response
                            tbjrpv.biz
                            IN A
                            34.246.200.160
                          • flag-ie
                            POST
                            http://tbjrpv.biz/defbnmeqecjkmjm
                            alg.exe
                            Remote address:
                            34.246.200.160:80
                            Request
                            POST /defbnmeqecjkmjm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: tbjrpv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:19 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d8a1ee429f7e4f30bfbbbd1518ec1820|194.110.13.70|1720193479|1720193479|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            tbjrpv.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tbjrpv.biz
                            IN A
                            Response
                            tbjrpv.biz
                            IN A
                            34.246.200.160
                          • flag-ie
                            POST
                            http://tbjrpv.biz/cucubtvcph
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.246.200.160:80
                            Request
                            POST /cucubtvcph HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: tbjrpv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=65ed5f820ec0d3ca0f93f9c0e0a06e5d|194.110.13.70|1720193480|1720193480|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            deoci.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            deoci.biz
                            IN A
                            Response
                            deoci.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://deoci.biz/cpsjsaxgtx
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /cpsjsaxgtx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: deoci.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=2cf366f75351516e443ca954765ec442|194.110.13.70|1720193480|1720193480|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            deoci.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            deoci.biz
                            IN A
                            Response
                            deoci.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://deoci.biz/rvesbcul
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /rvesbcul HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: deoci.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=ab5ec2206664d9912541bc9f6b467e36|194.110.13.70|1720193480|1720193480|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gytujflc.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gytujflc.biz
                            IN A
                            Response
                            gytujflc.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            gytujflc.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gytujflc.biz
                            IN A
                            Response
                            gytujflc.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            POST
                            http://gytujflc.biz/iiyv
                            alg.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /iiyv HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gytujflc.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gytujflc.biz/ssfelnsu
                            alg.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /ssfelnsu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gytujflc.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://yunalwv.biz/ddvdwvjtu
                            alg.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /ddvdwvjtu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yunalwv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:25 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://yunalwv.biz/ipcqka
                            alg.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /ipcqka HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yunalwv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:25 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gjogvvpsf.biz/fqvlxvdluiifxvs
                            alg.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /fqvlxvdluiifxvs HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gjogvvpsf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:58 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gjogvvpsf.biz/lelnyvpbgh
                            alg.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /lelnyvpbgh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gjogvvpsf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:58 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gytujflc.biz/ugmlaoyeleloa
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /ugmlaoyeleloa HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gytujflc.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gytujflc.biz/hugeiokoxcptpjk
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /hugeiokoxcptpjk HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gytujflc.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:20 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://yunalwv.biz/knivkmk
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /knivkmk HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yunalwv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:25 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://yunalwv.biz/hanj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /hanj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yunalwv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:25 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gjogvvpsf.biz/afmkcolslr
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /afmkcolslr HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gjogvvpsf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:52 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            POST
                            http://gjogvvpsf.biz/npgvnstloxfg
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            208.100.26.245:80
                            Request
                            POST /npgvnstloxfg HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gjogvvpsf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.14.0 (Ubuntu)
                            Date: Fri, 05 Jul 2024 15:31:52 GMT
                            Content-Type: text/html
                            Content-Length: 580
                            Connection: keep-alive
                          • flag-us
                            DNS
                            qaynky.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            qaynky.biz
                            IN A
                            Response
                            qaynky.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://qaynky.biz/apcourhqgfqykxxu
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /apcourhqgfqykxxu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: qaynky.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:21 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b9314caefe92682cfdffc12b6851d508|194.110.13.70|1720193481|1720193481|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            143.222.234.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            143.222.234.172.in-addr.arpa
                            IN PTR
                            Response
                            143.222.234.172.in-addr.arpa
                            IN PTR
                            172-234-222-143iplinodeusercontentcom
                          • flag-us
                            DNS
                            160.200.246.34.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            160.200.246.34.in-addr.arpa
                            IN PTR
                            Response
                            160.200.246.34.in-addr.arpa
                            IN PTR
                            ec2-34-246-200-160 eu-west-1compute amazonawscom
                          • flag-us
                            DNS
                            160.200.246.34.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            160.200.246.34.in-addr.arpa
                            IN PTR
                            Response
                            160.200.246.34.in-addr.arpa
                            IN PTR
                            ec2-34-246-200-160 eu-west-1compute amazonawscom
                          • flag-us
                            DNS
                            248.156.208.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            248.156.208.18.in-addr.arpa
                            IN PTR
                            Response
                            248.156.208.18.in-addr.arpa
                            IN PTR
                            ec2-18-208-156-248 compute-1 amazonawscom
                          • flag-us
                            DNS
                            qaynky.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            qaynky.biz
                            IN A
                            Response
                            qaynky.biz
                            IN A
                            13.251.16.150
                          • flag-us
                            DNS
                            qaynky.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            qaynky.biz
                            IN A
                            Response
                            qaynky.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://qaynky.biz/xwrybcwctknxj
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /xwrybcwctknxj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: qaynky.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:22 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=731ba4315650b74d465ec951803290a1|194.110.13.70|1720193482|1720193482|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            bumxkqgxu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bumxkqgxu.biz
                            IN A
                            Response
                            bumxkqgxu.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://bumxkqgxu.biz/yhwcfkyhkvuaogxm
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /yhwcfkyhkvuaogxm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: bumxkqgxu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:22 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=3085302dedd20501975b6248d768c4ba|194.110.13.70|1720193482|1720193482|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            245.26.100.208.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            245.26.100.208.in-addr.arpa
                            IN PTR
                            Response
                            245.26.100.208.in-addr.arpa
                            IN PTR
                            ip245 208-100-26static steadfastdnsnet
                          • flag-us
                            DNS
                            dwrqljrr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dwrqljrr.biz
                            IN A
                            Response
                            dwrqljrr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            DNS
                            dwrqljrr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dwrqljrr.biz
                            IN A
                            Response
                            dwrqljrr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://dwrqljrr.biz/ptekefawhrt
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /ptekefawhrt HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: dwrqljrr.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:22 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=8964dda899bd319e5846d9c95efae979|194.110.13.70|1720193482|1720193482|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            bumxkqgxu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bumxkqgxu.biz
                            IN A
                            Response
                            bumxkqgxu.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            bumxkqgxu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bumxkqgxu.biz
                            IN A
                            Response
                            bumxkqgxu.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://bumxkqgxu.biz/ngcxrbn
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /ngcxrbn HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: bumxkqgxu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:22 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=dcb464777646a6cb470222430be16294|194.110.13.70|1720193482|1720193482|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            dwrqljrr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dwrqljrr.biz
                            IN A
                            Response
                            dwrqljrr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            DNS
                            dwrqljrr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dwrqljrr.biz
                            IN A
                          • flag-us
                            DNS
                            nqwjmb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            nqwjmb.biz
                            IN A
                            Response
                            nqwjmb.biz
                            IN A
                            35.164.78.200
                          • flag-us
                            DNS
                            nqwjmb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            nqwjmb.biz
                            IN A
                          • flag-us
                            POST
                            http://dwrqljrr.biz/snyh
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /snyh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: dwrqljrr.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:23 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1713edd5d49c5cd13b16282c55a8a487|194.110.13.70|1720193483|1720193483|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://nqwjmb.biz/ywrimlvplh
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            35.164.78.200:80
                            Request
                            POST /ywrimlvplh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: nqwjmb.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:23 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=6159cace9904e04aa7faf6a922f8a934|194.110.13.70|1720193483|1720193483|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            nqwjmb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            nqwjmb.biz
                            IN A
                            Response
                            nqwjmb.biz
                            IN A
                            35.164.78.200
                          • flag-us
                            DNS
                            nqwjmb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            nqwjmb.biz
                            IN A
                          • flag-us
                            DNS
                            ytctnunms.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ytctnunms.biz
                            IN A
                            Response
                            ytctnunms.biz
                            IN A
                            3.94.10.34
                          • flag-us
                            POST
                            http://ytctnunms.biz/gkoj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            3.94.10.34:80
                            Request
                            POST /gkoj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ytctnunms.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:23 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=eaef31ca971f1aa676d863c79d4d4ad3|194.110.13.70|1720193483|1720193483|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://nqwjmb.biz/njb
                            alg.exe
                            Remote address:
                            35.164.78.200:80
                            Request
                            POST /njb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: nqwjmb.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:23 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=396f1303b1dc9355dc4da3218e7dc1cf|194.110.13.70|1720193483|1720193483|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            myups.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            myups.biz
                            IN A
                            Response
                            myups.biz
                            IN A
                            165.160.15.20
                            myups.biz
                            IN A
                            165.160.13.20
                          • flag-us
                            POST
                            http://myups.biz/xtpecajk
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            165.160.15.20:80
                            Request
                            POST /xtpecajk HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: myups.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 05 Jul 2024 15:31:24 GMT
                            Content-Length: 94
                          • flag-us
                            POST
                            http://myups.biz/pbte
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            165.160.15.20:80
                            Request
                            POST /pbte HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: myups.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 05 Jul 2024 15:31:24 GMT
                            Content-Length: 94
                          • flag-us
                            DNS
                            ytctnunms.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ytctnunms.biz
                            IN A
                            Response
                            ytctnunms.biz
                            IN A
                            3.94.10.34
                          • flag-us
                            POST
                            http://ytctnunms.biz/em
                            alg.exe
                            Remote address:
                            3.94.10.34:80
                            Request
                            POST /em HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ytctnunms.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:24 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4aed5b1d6a59a36dc4b24e4de8944a21|194.110.13.70|1720193484|1720193484|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            200.78.164.35.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            200.78.164.35.in-addr.arpa
                            IN PTR
                            Response
                            200.78.164.35.in-addr.arpa
                            IN PTR
                            ec2-35-164-78-200 us-west-2compute amazonawscom
                          • flag-us
                            DNS
                            myups.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            myups.biz
                            IN A
                            Response
                            myups.biz
                            IN A
                            165.160.15.20
                            myups.biz
                            IN A
                            165.160.13.20
                          • flag-us
                            POST
                            http://myups.biz/rfaucnmnjyb
                            alg.exe
                            Remote address:
                            165.160.15.20:80
                            Request
                            POST /rfaucnmnjyb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: myups.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 05 Jul 2024 15:31:24 GMT
                            Content-Length: 94
                          • flag-us
                            POST
                            http://myups.biz/kuobowsuptvqws
                            alg.exe
                            Remote address:
                            165.160.15.20:80
                            Request
                            POST /kuobowsuptvqws HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: myups.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 05 Jul 2024 15:31:24 GMT
                            Content-Length: 94
                          • flag-us
                            DNS
                            oshhkdluh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oshhkdluh.biz
                            IN A
                            Response
                            oshhkdluh.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://oshhkdluh.biz/vtyilrynbiurjw
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /vtyilrynbiurjw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: oshhkdluh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:24 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=12bcfa2c6f235300b3f6925833f18491|194.110.13.70|1720193484|1720193484|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            oshhkdluh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oshhkdluh.biz
                            IN A
                            Response
                            oshhkdluh.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            DNS
                            oshhkdluh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oshhkdluh.biz
                            IN A
                            Response
                            oshhkdluh.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://oshhkdluh.biz/lpxxgdnybkikrx
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /lpxxgdnybkikrx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: oshhkdluh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:25 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=7032a8dc4c0241c99a80bf30758ac085|194.110.13.70|1720193485|1720193485|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            yunalwv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yunalwv.biz
                            IN A
                            Response
                            yunalwv.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            yunalwv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yunalwv.biz
                            IN A
                            Response
                            yunalwv.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            34.10.94.3.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            34.10.94.3.in-addr.arpa
                            IN PTR
                            Response
                            34.10.94.3.in-addr.arpa
                            IN PTR
                            ec2-3-94-10-34 compute-1 amazonawscom
                          • flag-us
                            DNS
                            20.15.160.165.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            20.15.160.165.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            jpskm.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jpskm.biz
                            IN A
                            Response
                            jpskm.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://jpskm.biz/hnkts
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /hnkts HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jpskm.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:25 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=ecc2805f3e53157c727b704d63652654|194.110.13.70|1720193485|1720193485|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            yunalwv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yunalwv.biz
                            IN A
                            Response
                            yunalwv.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            warkcdu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            warkcdu.biz
                            IN A
                            Response
                            warkcdu.biz
                            IN A
                            18.141.10.107
                          • flag-us
                            DNS
                            jpskm.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jpskm.biz
                            IN A
                            Response
                            jpskm.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://jpskm.biz/aexbxeb
                            alg.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /aexbxeb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jpskm.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:26 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d33ab62d93307160112cb1cc945942d3|194.110.13.70|1720193486|1720193486|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            lrxdmhrr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            lrxdmhrr.biz
                            IN A
                            Response
                            lrxdmhrr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://lrxdmhrr.biz/nihcttpsrtssdav
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /nihcttpsrtssdav HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: lrxdmhrr.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:26 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=02b53c98b1f33b986c326cd4aade6a5a|194.110.13.70|1720193486|1720193486|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            lrxdmhrr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            lrxdmhrr.biz
                            IN A
                            Response
                            lrxdmhrr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://lrxdmhrr.biz/srw
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /srw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: lrxdmhrr.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:26 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=8985c7187e764ac555538c5ed112bb27|194.110.13.70|1720193486|1720193486|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            wllvnzb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            wllvnzb.biz
                            IN A
                            Response
                            wllvnzb.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://wllvnzb.biz/gpxarmmnshx
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /gpxarmmnshx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: wllvnzb.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:27 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=59acd91db87adad47393130885e1150b|194.110.13.70|1720193487|1720193487|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            wllvnzb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            wllvnzb.biz
                            IN A
                            Response
                            wllvnzb.biz
                            IN A
                            18.141.10.107
                          • flag-us
                            DNS
                            whjovd.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            whjovd.biz
                            IN A
                            Response
                            whjovd.biz
                            IN A
                            18.141.10.107
                          • flag-us
                            DNS
                            whjovd.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            whjovd.biz
                            IN A
                          • flag-sg
                            POST
                            http://wllvnzb.biz/q
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /q HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: wllvnzb.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:27 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=ba542e115b6daee6fac91ffbac50baec|194.110.13.70|1720193487|1720193487|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            45.97.211.34.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            45.97.211.34.in-addr.arpa
                            IN PTR
                            Response
                            45.97.211.34.in-addr.arpa
                            IN PTR
                            ec2-34-211-97-45 us-west-2compute amazonawscom
                          • flag-us
                            DNS
                            gnqgo.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gnqgo.biz
                            IN A
                            Response
                            gnqgo.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://gnqgo.biz/uyuudy
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /uyuudy HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gnqgo.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:27 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=caab84b8c67a562dbb6e8ce780c094f5|194.110.13.70|1720193487|1720193487|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            jhvzpcfg.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jhvzpcfg.biz
                            IN A
                            Response
                            jhvzpcfg.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://jhvzpcfg.biz/qclnceimjug
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /qclnceimjug HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jhvzpcfg.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:28 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=03bb863c2ff5add41f70aa5fd34d608b|194.110.13.70|1720193488|1720193488|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gnqgo.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gnqgo.biz
                            IN A
                            Response
                            gnqgo.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://gnqgo.biz/oojbpivt
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /oojbpivt HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gnqgo.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:28 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b0e149a7838c8913cfb0e33ae76048aa|194.110.13.70|1720193488|1720193488|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            acwjcqqv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            acwjcqqv.biz
                            IN A
                            Response
                            acwjcqqv.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://acwjcqqv.biz/euqss
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /euqss HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: acwjcqqv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:28 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=cbedddb7bb532dadbf474d9285951eac|194.110.13.70|1720193488|1720193488|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            jhvzpcfg.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jhvzpcfg.biz
                            IN A
                            Response
                            jhvzpcfg.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://jhvzpcfg.biz/rsymoohuvpaidq
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /rsymoohuvpaidq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jhvzpcfg.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:28 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=dfd69f5ccb4ac9a2335a5c1209358a59|194.110.13.70|1720193488|1720193488|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            acwjcqqv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            acwjcqqv.biz
                            IN A
                            Response
                            acwjcqqv.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://acwjcqqv.biz/xleyxpy
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /xleyxpy HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: acwjcqqv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:29 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=8e71492f5b42c62fc2990f3aa22cb6c4|194.110.13.70|1720193489|1720193489|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            lejtdj.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            lejtdj.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            vyome.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vyome.biz
                            IN A
                            Response
                            vyome.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://vyome.biz/rvcudxaquj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /rvcudxaquj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: vyome.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:29 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=3cc0015ff677b3b1342cc201c7edf9db|194.110.13.70|1720193489|1720193489|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            yauexmxk.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yauexmxk.biz
                            IN A
                            Response
                            yauexmxk.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://yauexmxk.biz/eohh
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /eohh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yauexmxk.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:29 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=232a1e70953e9e60c7d704fe5c9430c2|194.110.13.70|1720193489|1720193489|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            lejtdj.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            lejtdj.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            lejtdj.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            lejtdj.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            vyome.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vyome.biz
                            IN A
                            Response
                            vyome.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://vyome.biz/dmrfxiivpktrh
                            alg.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /dmrfxiivpktrh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: vyome.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:29 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=98a4113bd056aae9ca2dd2b496cb2681|194.110.13.70|1720193489|1720193489|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            iuzpxe.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            iuzpxe.biz
                            IN A
                            Response
                            iuzpxe.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://iuzpxe.biz/khmlcsdtqnjmjw
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /khmlcsdtqnjmjw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: iuzpxe.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:30 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=c326bfe368865fbf5c4093320bf1a44e|194.110.13.70|1720193490|1720193490|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            yauexmxk.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yauexmxk.biz
                            IN A
                            Response
                            yauexmxk.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://yauexmxk.biz/jxwkncs
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /jxwkncs HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yauexmxk.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:30 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=52201e9c54430cd21f763a08be3d706e|194.110.13.70|1720193490|1720193490|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            86.104.213.44.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            86.104.213.44.in-addr.arpa
                            IN PTR
                            Response
                            86.104.213.44.in-addr.arpa
                            IN PTR
                            ec2-44-213-104-86 compute-1 amazonawscom
                          • flag-us
                            DNS
                            iuzpxe.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            iuzpxe.biz
                            IN A
                            Response
                            iuzpxe.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://iuzpxe.biz/w
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /w HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: iuzpxe.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:31 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=bc89bf40a8a94db03be42eecf274b2e8|194.110.13.70|1720193491|1720193491|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            sxmiywsfv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            sxmiywsfv.biz
                            IN A
                            Response
                            sxmiywsfv.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://sxmiywsfv.biz/gskykfftsrjchlc
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /gskykfftsrjchlc HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: sxmiywsfv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:31 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=234936ea1e6511ae21e45f43733b8512|194.110.13.70|1720193491|1720193491|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            sxmiywsfv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            sxmiywsfv.biz
                            IN A
                            Response
                            sxmiywsfv.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://sxmiywsfv.biz/opwchndwpfsyedru
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /opwchndwpfsyedru HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: sxmiywsfv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:32 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d6eaa141c6a9acb008c817cfa1ed538a|194.110.13.70|1720193492|1720193492|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            vrrazpdh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vrrazpdh.biz
                            IN A
                            Response
                            vrrazpdh.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://vrrazpdh.biz/djgpgpoue
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /djgpgpoue HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: vrrazpdh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:32 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=65c7d61f4f4e3f65ac674f23170c58ed|194.110.13.70|1720193492|1720193492|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            vrrazpdh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            vrrazpdh.biz
                            IN A
                            Response
                            vrrazpdh.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://vrrazpdh.biz/mkwdcln
                            alg.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /mkwdcln HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: vrrazpdh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:32 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=12d3ecf4b9bda2e42b3c1f607def0734|194.110.13.70|1720193492|1720193492|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ftxlah.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ftxlah.biz
                            IN A
                            Response
                            ftxlah.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://ftxlah.biz/cpeu
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /cpeu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ftxlah.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:33 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=96a37a28ef1707a31cb0e85548c2245b|194.110.13.70|1720193493|1720193493|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ftxlah.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ftxlah.biz
                            IN A
                            Response
                            ftxlah.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://ftxlah.biz/a
                            alg.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /a HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ftxlah.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:33 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=66b31658becfc322b886b8800dbcd713|194.110.13.70|1720193493|1720193493|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            typgfhb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            typgfhb.biz
                            IN A
                            Response
                            typgfhb.biz
                            IN A
                            13.251.16.150
                          • flag-us
                            DNS
                            typgfhb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            typgfhb.biz
                            IN A
                            Response
                            typgfhb.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://typgfhb.biz/tprh
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /tprh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: typgfhb.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:34 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=76e8d9aeb1c7b51c3670d924dd1ba06a|194.110.13.70|1720193494|1720193494|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            typgfhb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            typgfhb.biz
                            IN A
                            Response
                            typgfhb.biz
                            IN A
                            13.251.16.150
                          • flag-us
                            DNS
                            typgfhb.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            typgfhb.biz
                            IN A
                            Response
                            typgfhb.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://typgfhb.biz/sasclqufbywml
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /sasclqufbywml HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: typgfhb.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:34 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=55d6da5b7e87a2a26cf0a5d900e0d000|194.110.13.70|1720193494|1720193494|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            esuzf.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            esuzf.biz
                            IN A
                            Response
                            esuzf.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://esuzf.biz/usqxigvrskeopvnq
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /usqxigvrskeopvnq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: esuzf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:35 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b436d6c80c2c919c7d124f271cca0fa6|194.110.13.70|1720193495|1720193495|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            esuzf.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            esuzf.biz
                            IN A
                            Response
                            esuzf.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://esuzf.biz/eshmecvauvtxi
                            alg.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /eshmecvauvtxi HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: esuzf.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:35 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d2472166f690ab6075ba4933a280a86e|194.110.13.70|1720193495|1720193495|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gvijgjwkh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gvijgjwkh.biz
                            IN A
                            Response
                            gvijgjwkh.biz
                            IN A
                            3.94.10.34
                          • flag-us
                            POST
                            http://gvijgjwkh.biz/bfnargjgej
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            3.94.10.34:80
                            Request
                            POST /bfnargjgej HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gvijgjwkh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:35 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=0a3c02350c4497e72f6613a8dd7f0ea6|194.110.13.70|1720193495|1720193495|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            qpnczch.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            qpnczch.biz
                            IN A
                            Response
                            qpnczch.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            DNS
                            qpnczch.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            qpnczch.biz
                            IN A
                            Response
                            qpnczch.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://qpnczch.biz/hxsl
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /hxsl HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: qpnczch.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:35 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=e559693f33cb54f735d6aacf2c224dd0|194.110.13.70|1720193495|1720193495|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gvijgjwkh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gvijgjwkh.biz
                            IN A
                            Response
                            gvijgjwkh.biz
                            IN A
                            3.94.10.34
                          • flag-us
                            POST
                            http://gvijgjwkh.biz/tvbgepioqlyu
                            alg.exe
                            Remote address:
                            3.94.10.34:80
                            Request
                            POST /tvbgepioqlyu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gvijgjwkh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:35 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4863d606fadbb1ec6ab9632757979e1d|194.110.13.70|1720193495|1720193495|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            brsua.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            brsua.biz
                            IN A
                            Response
                            brsua.biz
                            IN A
                            3.254.94.185
                          • flag-us
                            DNS
                            brsua.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            brsua.biz
                            IN A
                            Response
                            brsua.biz
                            IN A
                            3.254.94.185
                          • flag-ie
                            POST
                            http://brsua.biz/tqxqqslqyoasfo
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            3.254.94.185:80
                            Request
                            POST /tqxqqslqyoasfo HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: brsua.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:35 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=5152dbfe053ee7162e65e691bd34da77|194.110.13.70|1720193495|1720193495|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            qpnczch.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            qpnczch.biz
                            IN A
                            Response
                            qpnczch.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://qpnczch.biz/xy
                            alg.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /xy HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: qpnczch.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:36 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b6282bbfa5dec014e806120a4d1ba16a|194.110.13.70|1720193496|1720193496|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            dlynankz.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dlynankz.biz
                            IN A
                            Response
                            dlynankz.biz
                            IN A
                            85.214.228.140
                          • flag-de
                            POST
                            http://dlynankz.biz/acdchtw
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            85.214.228.140:80
                            Request
                            POST /acdchtw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: dlynankz.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.27.0
                            Date: Fri, 05 Jul 2024 15:31:36 GMT
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Keep-Alive: timeout=20
                          • flag-us
                            DNS
                            brsua.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            brsua.biz
                            IN A
                            Response
                            brsua.biz
                            IN A
                            3.254.94.185
                          • flag-ie
                            POST
                            http://brsua.biz/droemwlacai
                            alg.exe
                            Remote address:
                            3.254.94.185:80
                            Request
                            POST /droemwlacai HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: brsua.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:36 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b37ba439e4666def35e3db3cc2e7fa00|194.110.13.70|1720193496|1720193496|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            oflybfv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oflybfv.biz
                            IN A
                            Response
                            oflybfv.biz
                            IN A
                            47.129.31.212
                          • flag-us
                            DNS
                            oflybfv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oflybfv.biz
                            IN A
                            Response
                            oflybfv.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://oflybfv.biz/ugyjbfjaipfwos
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /ugyjbfjaipfwos HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: oflybfv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:37 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=37d69ea6c949fbf7ece72b3dad77a49d|194.110.13.70|1720193497|1720193497|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            dlynankz.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            dlynankz.biz
                            IN A
                            Response
                            dlynankz.biz
                            IN A
                            85.214.228.140
                          • flag-de
                            POST
                            http://dlynankz.biz/aarjmedjtq
                            alg.exe
                            Remote address:
                            85.214.228.140:80
                            Request
                            POST /aarjmedjtq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: dlynankz.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 404 Not Found
                            Server: nginx/1.27.0
                            Date: Fri, 05 Jul 2024 15:31:36 GMT
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Keep-Alive: timeout=20
                          • flag-us
                            DNS
                            oflybfv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oflybfv.biz
                            IN A
                            Response
                            oflybfv.biz
                            IN A
                            47.129.31.212
                          • flag-us
                            DNS
                            oflybfv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            oflybfv.biz
                            IN A
                            Response
                            oflybfv.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://oflybfv.biz/mnkctdhsgoy
                            alg.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /mnkctdhsgoy HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: oflybfv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:37 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=af192cf80227b2fdf697cb8a347e9f5f|194.110.13.70|1720193497|1720193497|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            185.94.254.3.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            185.94.254.3.in-addr.arpa
                            IN PTR
                            Response
                            185.94.254.3.in-addr.arpa
                            IN PTR
                            ec2-3-254-94-185 eu-west-1compute amazonawscom
                          • flag-us
                            DNS
                            140.228.214.85.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            140.228.214.85.in-addr.arpa
                            IN PTR
                            Response
                            140.228.214.85.in-addr.arpa
                            IN PTR
                            h2758763 stratoservernet
                          • flag-us
                            DNS
                            yhqqc.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yhqqc.biz
                            IN A
                            Response
                            yhqqc.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://yhqqc.biz/dqvvtjbyj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /dqvvtjbyj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yhqqc.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:37 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=bfa0f7d5d3383b09b9ab4cef053b0920|194.110.13.70|1720193497|1720193497|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            yhqqc.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            yhqqc.biz
                            IN A
                            Response
                            yhqqc.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            POST
                            http://yhqqc.biz/uxavnh
                            alg.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /uxavnh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: yhqqc.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:38 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=cae05c1c1dbcb946bcbe90cfaf48c953|194.110.13.70|1720193498|1720193498|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            mnjmhp.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            mnjmhp.biz
                            IN A
                            Response
                            mnjmhp.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://mnjmhp.biz/cwubl
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /cwubl HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: mnjmhp.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:38 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=def4b38a8e1af3faf15d8e44bd92a0c1|194.110.13.70|1720193498|1720193498|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            mnjmhp.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            mnjmhp.biz
                            IN A
                            Response
                            mnjmhp.biz
                            IN A
                            47.129.31.212
                          • flag-sg
                            POST
                            http://mnjmhp.biz/ratqg
                            alg.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /ratqg HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: mnjmhp.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:39 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=7b842cdbdf941a450a80b73eec88498c|194.110.13.70|1720193499|1720193499|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            opowhhece.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            opowhhece.biz
                            IN A
                            Response
                            opowhhece.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://opowhhece.biz/arucfibjtqjr
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /arucfibjtqjr HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: opowhhece.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:39 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d78a61090581af0a19a1d616e2e50431|194.110.13.70|1720193499|1720193499|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            zjbpaao.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zjbpaao.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            jdhhbs.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jdhhbs.biz
                            IN A
                            Response
                            jdhhbs.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://jdhhbs.biz/siowtpjhdwsoavm
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /siowtpjhdwsoavm HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jdhhbs.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:40 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=2ad95384ce8b53729f41c566ccf7229d|194.110.13.70|1720193500|1720193500|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            opowhhece.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            opowhhece.biz
                            IN A
                            Response
                            opowhhece.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://opowhhece.biz/l
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /l HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: opowhhece.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:39 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=941e8be736115040eb1e9ce878a9f8f3|194.110.13.70|1720193499|1720193499|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            zjbpaao.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zjbpaao.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            jdhhbs.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jdhhbs.biz
                            IN A
                            Response
                            jdhhbs.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://jdhhbs.biz/tewiebgqmfrscamn
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /tewiebgqmfrscamn HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jdhhbs.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:40 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=defcfd4ee827169a150cd09084cc9ebb|194.110.13.70|1720193500|1720193500|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            mgmsclkyu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            mgmsclkyu.biz
                            IN A
                            Response
                            mgmsclkyu.biz
                            IN A
                            34.246.200.160
                          • flag-ie
                            POST
                            http://mgmsclkyu.biz/brmjfbtnfe
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.246.200.160:80
                            Request
                            POST /brmjfbtnfe HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: mgmsclkyu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:40 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=6c6bafa73e72ec6a854dc131cee63c64|194.110.13.70|1720193500|1720193500|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-sg
                            POST
                            http://warkcdu.biz/nkrv
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /nkrv HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: warkcdu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:41 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=37cb0647893897c1ac6f7e21d06675fe|194.110.13.70|1720193501|1720193501|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            mgmsclkyu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            mgmsclkyu.biz
                            IN A
                            Response
                            mgmsclkyu.biz
                            IN A
                            34.246.200.160
                          • flag-ie
                            POST
                            http://mgmsclkyu.biz/chmdpfrwnmx
                            alg.exe
                            Remote address:
                            34.246.200.160:80
                            Request
                            POST /chmdpfrwnmx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: mgmsclkyu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:41 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=f9a569307e401c919725179eb90f888c|194.110.13.70|1720193501|1720193501|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            warkcdu.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            warkcdu.biz
                            IN A
                            Response
                            warkcdu.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://warkcdu.biz/yppaxnpge
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /yppaxnpge HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: warkcdu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:41 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=e81bbd1aeac475d3b3cb8c2d3c429f6c|194.110.13.70|1720193501|1720193501|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gcedd.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gcedd.biz
                            IN A
                            Response
                            gcedd.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://gcedd.biz/hnqmwafjuiqgpytd
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /hnqmwafjuiqgpytd HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gcedd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:42 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=f1884982901c43db58d71a0b1379c2d2|194.110.13.70|1720193502|1720193502|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gcedd.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gcedd.biz
                            IN A
                            Response
                            gcedd.biz
                            IN A
                            13.251.16.150
                          • flag-sg
                            POST
                            http://gcedd.biz/ssoxy
                            alg.exe
                            Remote address:
                            13.251.16.150:80
                            Request
                            POST /ssoxy HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: gcedd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:43 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=0f8501acbdf078bf8c240aca8f2b66eb|194.110.13.70|1720193503|1720193503|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            jwkoeoqns.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jwkoeoqns.biz
                            IN A
                            Response
                            jwkoeoqns.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://jwkoeoqns.biz/ggkaarwyyxthmhb
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /ggkaarwyyxthmhb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jwkoeoqns.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:42 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=07e79514f0c74c192da7697d15836917|194.110.13.70|1720193502|1720193502|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            xccjj.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            xccjj.biz
                            IN A
                            Response
                            xccjj.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://xccjj.biz/mxqeqlirn
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /mxqeqlirn HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: xccjj.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:43 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1276b09aa5c37f15b6317f1c1f533e30|194.110.13.70|1720193503|1720193503|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            jwkoeoqns.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jwkoeoqns.biz
                            IN A
                            Response
                            jwkoeoqns.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://jwkoeoqns.biz/rkie
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /rkie HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jwkoeoqns.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:43 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=657595dde982a22845d6ace7f9aa31f4|194.110.13.70|1720193503|1720193503|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            hehckyov.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            hehckyov.biz
                            IN A
                            Response
                            hehckyov.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            hehckyov.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            hehckyov.biz
                            IN A
                          • flag-us
                            POST
                            http://hehckyov.biz/iwdhcdwntxlgjkqn
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /iwdhcdwntxlgjkqn HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: hehckyov.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:44 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=f9cb83bde4c96d635a62f2349b1980e4|194.110.13.70|1720193504|1720193504|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            xccjj.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            xccjj.biz
                            IN A
                            Response
                            xccjj.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://xccjj.biz/efoj
                            alg.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /efoj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: xccjj.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:44 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=cacd2b11c4d345cee7c3c6625ec840b7|194.110.13.70|1720193504|1720193504|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            hehckyov.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            hehckyov.biz
                            IN A
                            Response
                            hehckyov.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://hehckyov.biz/bfljscomrujq
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /bfljscomrujq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: hehckyov.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:44 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=78d68f376773ca16c13d163c26e8cd02|194.110.13.70|1720193504|1720193504|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            rynmcq.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            rynmcq.biz
                            IN A
                            Response
                            rynmcq.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://rynmcq.biz/gxqncv
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /gxqncv HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: rynmcq.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:44 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=2c3d4f0005dacf4d177a2b1fd3c481f8|194.110.13.70|1720193504|1720193504|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            rynmcq.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            rynmcq.biz
                            IN A
                            Response
                            rynmcq.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://rynmcq.biz/culudnswhdouf
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /culudnswhdouf HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: rynmcq.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:45 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=bb47b5fb435ebfb3d7d6ec9446fe585a|194.110.13.70|1720193505|1720193505|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            uaafd.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            uaafd.biz
                            IN A
                            Response
                            uaafd.biz
                            IN A
                            3.254.94.185
                          • flag-ie
                            POST
                            http://uaafd.biz/ebci
                            alg.exe
                            Remote address:
                            3.254.94.185:80
                            Request
                            POST /ebci HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: uaafd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:45 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=819a0614e137c63c594057397c807c7a|194.110.13.70|1720193505|1720193505|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            uaafd.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            uaafd.biz
                            IN A
                            Response
                            uaafd.biz
                            IN A
                            3.254.94.185
                          • flag-ie
                            POST
                            http://uaafd.biz/axfovtgkdsu
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            3.254.94.185:80
                            Request
                            POST /axfovtgkdsu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: uaafd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:45 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=8bcc323d7ac617d62cd54d6dd351f888|194.110.13.70|1720193505|1720193505|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            eufxebus.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            eufxebus.biz
                            IN A
                            Response
                            eufxebus.biz
                            IN A
                            18.141.10.107
                          • flag-us
                            DNS
                            eufxebus.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            eufxebus.biz
                            IN A
                          • flag-sg
                            POST
                            http://eufxebus.biz/sscypxjmlvvpc
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /sscypxjmlvvpc HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: eufxebus.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:46 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1843443af8e3b001e7432c87ed7245d7|194.110.13.70|1720193506|1720193506|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            eufxebus.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            eufxebus.biz
                            IN A
                            Response
                            eufxebus.biz
                            IN A
                            18.141.10.107
                          • flag-us
                            DNS
                            eufxebus.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            eufxebus.biz
                            IN A
                            Response
                            eufxebus.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://eufxebus.biz/bycqlugqcp
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /bycqlugqcp HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: eufxebus.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:47 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1817932b8da4c22933f3198ab87efee4|194.110.13.70|1720193507|1720193507|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            pwlqfu.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pwlqfu.biz
                            IN A
                            Response
                            pwlqfu.biz
                            IN A
                            34.246.200.160
                          • flag-us
                            DNS
                            pwlqfu.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pwlqfu.biz
                            IN A
                            Response
                            pwlqfu.biz
                            IN A
                            34.246.200.160
                          • flag-ie
                            POST
                            http://pwlqfu.biz/adytcjul
                            alg.exe
                            Remote address:
                            34.246.200.160:80
                            Request
                            POST /adytcjul HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pwlqfu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:46 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=49a2c6bf40068b7af10a307d38dad39d|194.110.13.70|1720193506|1720193506|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            rrqafepng.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            rrqafepng.biz
                            IN A
                            Response
                            rrqafepng.biz
                            IN A
                            47.129.31.212
                          • flag-us
                            DNS
                            rrqafepng.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            rrqafepng.biz
                            IN A
                          • flag-sg
                            POST
                            http://rrqafepng.biz/efuryreofqoa
                            alg.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /efuryreofqoa HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: rrqafepng.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:47 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=73c8f500f3450688978efbff93b14e83|194.110.13.70|1720193507|1720193507|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            pwlqfu.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pwlqfu.biz
                            IN A
                            Response
                            pwlqfu.biz
                            IN A
                            34.246.200.160
                          • flag-ie
                            POST
                            http://pwlqfu.biz/suipywt
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.246.200.160:80
                            Request
                            POST /suipywt HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pwlqfu.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:47 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=40bbbe0063a836d55f0790dcd6c2c340|194.110.13.70|1720193507|1720193507|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ctdtgwag.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ctdtgwag.biz
                            IN A
                            Response
                            ctdtgwag.biz
                            IN A
                            3.94.10.34
                          • flag-us
                            DNS
                            rrqafepng.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            rrqafepng.biz
                            IN A
                            Response
                            rrqafepng.biz
                            IN A
                            47.129.31.212
                          • flag-us
                            DNS
                            rrqafepng.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            rrqafepng.biz
                            IN A
                          • flag-us
                            POST
                            http://ctdtgwag.biz/depxcjvmjnsh
                            alg.exe
                            Remote address:
                            3.94.10.34:80
                            Request
                            POST /depxcjvmjnsh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ctdtgwag.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:48 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=ee2e2a0f6ff2482e8c8ae1aa533a312d|194.110.13.70|1720193508|1720193508|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-sg
                            POST
                            http://rrqafepng.biz/tvmqpx
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            47.129.31.212:80
                            Request
                            POST /tvmqpx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: rrqafepng.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:48 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d4a00c4601c43d702c83db42e0568e6f|194.110.13.70|1720193508|1720193508|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            tnevuluw.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tnevuluw.biz
                            IN A
                            Response
                            tnevuluw.biz
                            IN A
                            35.164.78.200
                          • flag-us
                            DNS
                            tnevuluw.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tnevuluw.biz
                            IN A
                          • flag-us
                            DNS
                            tnevuluw.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tnevuluw.biz
                            IN A
                          • flag-us
                            DNS
                            ctdtgwag.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ctdtgwag.biz
                            IN A
                            Response
                            ctdtgwag.biz
                            IN A
                            3.94.10.34
                          • flag-us
                            DNS
                            ctdtgwag.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ctdtgwag.biz
                            IN A
                          • flag-us
                            POST
                            http://ctdtgwag.biz/tumj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            3.94.10.34:80
                            Request
                            POST /tumj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ctdtgwag.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:49 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1566e751aeb8ae1f93df046d63c02b6d|194.110.13.70|1720193509|1720193509|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://tnevuluw.biz/fjswapq
                            alg.exe
                            Remote address:
                            35.164.78.200:80
                            Request
                            POST /fjswapq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: tnevuluw.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:49 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4642dd95ef227f2a58bb928c8fef281a|194.110.13.70|1720193509|1720193509|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            tnevuluw.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tnevuluw.biz
                            IN A
                            Response
                            tnevuluw.biz
                            IN A
                            35.164.78.200
                          • flag-us
                            POST
                            http://tnevuluw.biz/wxccpyvxfw
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            35.164.78.200:80
                            Request
                            POST /wxccpyvxfw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: tnevuluw.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:50 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=a90819c4c30b0880c18296c572671a50|194.110.13.70|1720193510|1720193510|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-sg
                            POST
                            http://whjovd.biz/tdckgkcvgmstbjeq
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /tdckgkcvgmstbjeq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: whjovd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:57 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=7ec666d10fa61071277a4f0c0d938085|194.110.13.70|1720193517|1720193517|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            whjovd.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            whjovd.biz
                            IN A
                            Response
                            whjovd.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://whjovd.biz/bfywrvtchcr
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /bfywrvtchcr HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: whjovd.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:51 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=a5706d03fc85193b8f3f3ff950301c7e|194.110.13.70|1720193511|1720193511|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gjogvvpsf.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gjogvvpsf.biz
                            IN A
                            Response
                            gjogvvpsf.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            reczwga.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            reczwga.biz
                            IN A
                            Response
                            reczwga.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            reczwga.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            reczwga.biz
                            IN A
                          • flag-us
                            POST
                            http://reczwga.biz/okwlfxpqsirhq
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /okwlfxpqsirhq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: reczwga.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:54 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4789553770c445c99abe64a34355e92e|194.110.13.70|1720193514|1720193514|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            bghjpy.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bghjpy.biz
                            IN A
                            Response
                            bghjpy.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            DNS
                            bghjpy.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bghjpy.biz
                            IN A
                          • flag-us
                            POST
                            http://bghjpy.biz/byhanqlwpbwtj
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /byhanqlwpbwtj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: bghjpy.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:02 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=22f7034eadeeac05108a8fa1e7d764d6|194.110.13.70|1720193522|1720193522|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            gjogvvpsf.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gjogvvpsf.biz
                            IN A
                            Response
                            gjogvvpsf.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            gjogvvpsf.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            gjogvvpsf.biz
                            IN A
                            Response
                            gjogvvpsf.biz
                            IN A
                            208.100.26.245
                          • flag-us
                            DNS
                            beacons.gcp.gvt2.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            beacons.gcp.gvt2.com
                            IN A
                            Response
                            beacons.gcp.gvt2.com
                            IN CNAME
                            beacons-handoff.gcp.gvt2.com
                            beacons-handoff.gcp.gvt2.com
                            IN A
                            172.217.169.35
                          • flag-us
                            DNS
                            beacons.gcp.gvt2.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            beacons.gcp.gvt2.com
                            IN A
                            Response
                            beacons.gcp.gvt2.com
                            IN CNAME
                            beacons-handoff.gcp.gvt2.com
                            beacons-handoff.gcp.gvt2.com
                            IN A
                            172.217.169.35
                          • flag-gb
                            POST
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            172.217.169.35:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: beacons.gcp.gvt2.com
                            content-length: 992
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-gb
                            POST
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            172.217.169.35:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: beacons.gcp.gvt2.com
                            content-length: 273
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            reczwga.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            reczwga.biz
                            IN A
                            Response
                            reczwga.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            reczwga.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            reczwga.biz
                            IN A
                          • flag-us
                            POST
                            http://reczwga.biz/cqfjao
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /cqfjao HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: reczwga.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:31:59 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=e7ed35e9e6831c77bc60b18f15ed2393|194.110.13.70|1720193519|1720193519|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            35.169.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            35.169.217.172.in-addr.arpa
                            IN PTR
                            Response
                            35.169.217.172.in-addr.arpa
                            IN PTR
                            lhr48s08-in-f31e100net
                          • flag-us
                            DNS
                            35.169.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            35.169.217.172.in-addr.arpa
                            IN PTR
                            Response
                            35.169.217.172.in-addr.arpa
                            IN PTR
                            lhr48s08-in-f31e100net
                          • flag-us
                            DNS
                            bghjpy.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bghjpy.biz
                            IN A
                            Response
                            bghjpy.biz
                            IN A
                            34.211.97.45
                          • flag-us
                            DNS
                            bghjpy.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            bghjpy.biz
                            IN A
                          • flag-us
                            DNS
                            damcprvgv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            damcprvgv.biz
                            IN A
                            Response
                            damcprvgv.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://bghjpy.biz/adrfewgxgh
                            alg.exe
                            Remote address:
                            34.211.97.45:80
                            Request
                            POST /adrfewgxgh HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: bghjpy.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:02 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=8056f6a85d857894f08c0f842ec8fd5d|194.110.13.70|1720193522|1720193522|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://damcprvgv.biz/umpcleptywthbnff
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /umpcleptywthbnff HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: damcprvgv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:05 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1e9884dc0a2b604dc3acdcfbf3e959d1|194.110.13.70|1720193525|1720193525|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            damcprvgv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            damcprvgv.biz
                            IN A
                            Response
                            damcprvgv.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            DNS
                            damcprvgv.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            damcprvgv.biz
                            IN A
                            Response
                            damcprvgv.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://damcprvgv.biz/uybsaakqvq
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /uybsaakqvq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: damcprvgv.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:03 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=78c05ae3b539114e0555e990cf177183|194.110.13.70|1720193523|1720193523|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ocsvqjg.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ocsvqjg.biz
                            IN A
                            Response
                            ocsvqjg.biz
                            IN A
                            3.254.94.185
                          • flag-ie
                            POST
                            http://ocsvqjg.biz/sadqihca
                            alg.exe
                            Remote address:
                            3.254.94.185:80
                            Request
                            POST /sadqihca HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ocsvqjg.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:03 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=36e21975e95220d14eec06ae483df6dc|194.110.13.70|1720193523|1720193523|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ywffr.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ywffr.biz
                            IN A
                            Response
                            ywffr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://ywffr.biz/tbhrxic
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /tbhrxic HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ywffr.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:04 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=cadde647ad24e37a5feeea16fb4b34a5|194.110.13.70|1720193524|1720193524|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ecxbwt.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ecxbwt.biz
                            IN A
                            Response
                            ecxbwt.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            DNS
                            ecxbwt.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ecxbwt.biz
                            IN A
                          • flag-us
                            POST
                            http://ecxbwt.biz/rettx
                            alg.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /rettx HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ecxbwt.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:04 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=5337a612f6e7756f20affe849fb57594|194.110.13.70|1720193524|1720193524|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            pectx.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pectx.biz
                            IN A
                            Response
                            pectx.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            DNS
                            pectx.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pectx.biz
                            IN A
                            Response
                            pectx.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://pectx.biz/gxdaeqiteiqrcq
                            alg.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /gxdaeqiteiqrcq HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pectx.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:05 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=525e9f7bb71e52b4e3330bd157020c11|194.110.13.70|1720193525|1720193525|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            zyiexezl.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zyiexezl.biz
                            IN A
                            Response
                            zyiexezl.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            DNS
                            zyiexezl.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zyiexezl.biz
                            IN A
                          • flag-us
                            DNS
                            zyiexezl.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zyiexezl.biz
                            IN A
                          • flag-us
                            DNS
                            ocsvqjg.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ocsvqjg.biz
                            IN A
                            Response
                            ocsvqjg.biz
                            IN A
                            3.254.94.185
                          • flag-ie
                            POST
                            http://ocsvqjg.biz/djnykxjviajcto
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            3.254.94.185:80
                            Request
                            POST /djnykxjviajcto HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ocsvqjg.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:06 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b4d61bef2ff017df0b902092d01d5a4a|194.110.13.70|1720193526|1720193526|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://zyiexezl.biz/icgyvwdenb
                            alg.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /icgyvwdenb HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: zyiexezl.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:09 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=7ec8b5704ceeec48d1a396cb33cd3709|194.110.13.70|1720193529|1720193529|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ywffr.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ywffr.biz
                            IN A
                            Response
                            ywffr.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://ywffr.biz/aqpwkfbfaxuw
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /aqpwkfbfaxuw HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ywffr.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:06 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=ba6fa0ab7b195e5c4817e8abfa323d1e|194.110.13.70|1720193526|1720193526|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            ecxbwt.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ecxbwt.biz
                            IN A
                            Response
                            ecxbwt.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            DNS
                            ecxbwt.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ecxbwt.biz
                            IN A
                            Response
                            ecxbwt.biz
                            IN A
                            54.244.188.177
                          • flag-us
                            POST
                            http://ecxbwt.biz/rxociywa
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            54.244.188.177:80
                            Request
                            POST /rxociywa HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: ecxbwt.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:08 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=d7470923e76bdf960f02fc0a147d46e8|194.110.13.70|1720193528|1720193528|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            pectx.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            pectx.biz
                            IN A
                            Response
                            pectx.biz
                            IN A
                            44.213.104.86
                          • flag-us
                            POST
                            http://pectx.biz/nubxdkcvgrgmc
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.213.104.86:80
                            Request
                            POST /nubxdkcvgrgmc HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: pectx.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:08 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=4f03d3c2001c83cac8ead7d77e9befd9|194.110.13.70|1720193528|1720193528|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            zyiexezl.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zyiexezl.biz
                            IN A
                            Response
                            zyiexezl.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://zyiexezl.biz/bngjmen
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /bngjmen HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: zyiexezl.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:09 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=6fc897a6318495dde8155691a520757a|194.110.13.70|1720193529|1720193529|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            banwyw.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            banwyw.biz
                            IN A
                            Response
                            banwyw.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://banwyw.biz/qviht
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /qviht HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: banwyw.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:09 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=42fb128d30283e464f8338330ce38d66|194.110.13.70|1720193529|1720193529|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            muapr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            muapr.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            muapr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            muapr.biz
                            IN A
                          • flag-us
                            DNS
                            wxgzshna.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            wxgzshna.biz
                            IN A
                            Response
                            wxgzshna.biz
                            IN CNAME
                            77980.bodis.com
                            77980.bodis.com
                            IN A
                            199.59.243.226
                          • flag-us
                            DNS
                            wxgzshna.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            wxgzshna.biz
                            IN A
                            Response
                            wxgzshna.biz
                            IN CNAME
                            77980.bodis.com
                            77980.bodis.com
                            IN A
                            199.59.243.226
                          • flag-us
                            DNS
                            banwyw.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            banwyw.biz
                            IN A
                            Response
                            banwyw.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            banwyw.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            banwyw.biz
                            IN A
                            Response
                            banwyw.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            zrlssa.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zrlssa.biz
                            IN A
                            Response
                            zrlssa.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            zrlssa.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zrlssa.biz
                            IN A
                            Response
                            zrlssa.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://zrlssa.biz/xnwhvvvqaouqa
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /xnwhvvvqaouqa HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: zrlssa.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:09 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=db7876d25d63546d576d5ac4f1dbcabe|194.110.13.70|1720193529|1720193529|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            POST
                            http://banwyw.biz/ntiplwsunvu
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /ntiplwsunvu HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: banwyw.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:09 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=9aeefeebda5fb439faf03837b4b27faa|194.110.13.70|1720193529|1720193529|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            jlqltsjvh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jlqltsjvh.biz
                            IN A
                            Response
                            jlqltsjvh.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://jlqltsjvh.biz/smbpwv
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /smbpwv HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jlqltsjvh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:10 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=5130ee22e312f2b75fe7e8b850351214|194.110.13.70|1720193530|1720193530|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            muapr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            muapr.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            muapr.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            muapr.biz
                            IN A
                            Response
                          • flag-us
                            DNS
                            wxgzshna.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            wxgzshna.biz
                            IN A
                            Response
                            wxgzshna.biz
                            IN CNAME
                            77980.bodis.com
                            77980.bodis.com
                            IN A
                            199.59.243.226
                          • flag-us
                            DNS
                            zrlssa.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zrlssa.biz
                            IN A
                            Response
                            zrlssa.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            DNS
                            zrlssa.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            zrlssa.biz
                            IN A
                            Response
                            zrlssa.biz
                            IN A
                            44.221.84.105
                          • flag-us
                            POST
                            http://zrlssa.biz/ebydysklp
                            alg.exe
                            Remote address:
                            44.221.84.105:80
                            Request
                            POST /ebydysklp HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: zrlssa.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:10 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=b0a322316f5e1b2132b949dccb0a0316|194.110.13.70|1720193530|1720193530|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            jlqltsjvh.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            jlqltsjvh.biz
                            IN A
                            Response
                            jlqltsjvh.biz
                            IN A
                            18.141.10.107
                          • flag-sg
                            POST
                            http://jlqltsjvh.biz/tcbigbj
                            alg.exe
                            Remote address:
                            18.141.10.107:80
                            Request
                            POST /tcbigbj HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: jlqltsjvh.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 782
                          • flag-us
                            DNS
                            xyrgy.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            xyrgy.biz
                            IN A
                            Response
                            xyrgy.biz
                            IN A
                            18.208.156.248
                          • flag-us
                            POST
                            http://xyrgy.biz/dxwyohf
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            Remote address:
                            18.208.156.248:80
                            Request
                            POST /dxwyohf HTTP/1.1
                            Cache-Control: no-cache
                            Connection: Keep-Alive
                            Pragma: no-cache
                            Host: xyrgy.biz
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                            Content-Length: 904
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Fri, 05 Jul 2024 15:32:11 GMT
                            Content-Type: text/html
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: btst=1a202be3b27a5c48d073fa5321f64afe|194.110.13.70|1720193531|1720193531|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                            Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                          • flag-us
                            DNS
                            htwqzczce.biz
                            alg.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            htwqzczce.biz
                            IN A
                          • 54.244.188.177:80
                            http://pywolwnvd.biz/pwcupven
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://pywolwnvd.biz/pwcupven

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://pywolwnvd.biz/edarhcu
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://pywolwnvd.biz/edarhcu

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://ssbzmoy.biz/kyetrbgeagurx
                            http
                            alg.exe
                            1.4kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://ssbzmoy.biz/kyetrbgeagurx

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://ssbzmoy.biz/kyetrbgeagurx
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://ssbzmoy.biz/kyetrbgeagurx

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://cvgrf.biz/vlxfhnbntiob
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://cvgrf.biz/vlxfhnbntiob

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://cvgrf.biz/ksvirtyilbd
                            http
                            alg.exe
                            1.4kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://cvgrf.biz/ksvirtyilbd

                            HTTP Response

                            200
                          • 142.250.180.4:443
                            https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgTCbg1GGOyioLQGIjA3CPMPZA7DyiZoclPK8I9u9oix21UBsXfAA9gDpfcRTV5A1zKqKjbCTG5b4rOhrjEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                            tls, http2
                            chrome.exe
                            2.7kB
                             13.5kB
                             28
                            33

                            HTTP Request

                            GET https://www.google.com/async/ddljson?async=ntp:2

                            HTTP Request

                            GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

                            HTTP Request

                            GET https://www.google.com/async/newtab_promos

                            HTTP Request

                            GET https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgTCbg1GGOyioLQGIjA3CPMPZA7DyiZoclPK8I9u9oix21UBsXfAA9gDpfcRTV5A1zKqKjbCTG5b4rOhrjEyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                            HTTP Response

                            429
                          • 44.221.84.105:80
                            http://npukfztj.biz/acsvky
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://npukfztj.biz/acsvky

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://npukfztj.biz/lvuasys
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://npukfztj.biz/lvuasys

                            HTTP Response

                            200
                          • 172.234.222.138:80
                            http://przvgke.biz/beweb
                            http
                            alg.exe
                            1.4kB
                             204 B
                             6
                            5

                            HTTP Request

                            POST http://przvgke.biz/beweb
                          • 172.234.222.138:80
                            http://przvgke.biz/beweb
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             204 B
                             6
                            5

                            HTTP Request

                            POST http://przvgke.biz/beweb
                          • 172.234.222.138:80
                            http://przvgke.biz/apenytelcdylsilg
                            http
                            alg.exe
                            1.4kB
                             204 B
                             6
                            5

                            HTTP Request

                            POST http://przvgke.biz/apenytelcdylsilg
                          • 172.234.222.138:80
                            http://przvgke.biz/jfbgq
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             164 B
                             6
                            4

                            HTTP Request

                            POST http://przvgke.biz/jfbgq
                          • 18.141.10.107:80
                            http://knjghuig.biz/nheenpufm
                            http
                            alg.exe
                            1.4kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://knjghuig.biz/nheenpufm

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://knjghuig.biz/nheenpufm
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://knjghuig.biz/nheenpufm

                            HTTP Response

                            200
                          • 82.112.184.197:80
                            lpuegx.biz
                            alg.exe
                            260 B
                             5
                          • 82.112.184.197:80
                            lpuegx.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            260 B
                             5
                          • 172.217.16.238:443
                            clients2.google.com
                            tls, http2
                            chrome.exe
                            1.1kB
                             8.1kB
                             12
                            10
                          • 82.112.184.197:80
                            lpuegx.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            260 B
                             5
                          • 82.112.184.197:80
                            lpuegx.biz
                            alg.exe
                            260 B
                             5
                          • 82.112.184.197:80
                            vjaxhpbji.biz
                            alg.exe
                            260 B
                             5
                          • 82.112.184.197:80
                            vjaxhpbji.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            260 B
                             5
                          • 82.112.184.197:80
                            vjaxhpbji.biz
                            alg.exe
                            260 B
                             5
                          • 82.112.184.197:80
                            vjaxhpbji.biz
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            260 B
                             5
                          • 47.129.31.212:80
                            http://xlfhhhm.biz/okcbrdumwerreqw
                            http
                            alg.exe
                            1.4kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://xlfhhhm.biz/okcbrdumwerreqw

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://xlfhhhm.biz/vjomwfsosrdvpa
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://xlfhhhm.biz/vjomwfsosrdvpa

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://ifsaia.biz/hntrsioqgac
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://ifsaia.biz/hntrsioqgac

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://ifsaia.biz/pmodxdmscg
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://ifsaia.biz/pmodxdmscg

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://saytjshyf.biz/gfoedbghkpm
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://saytjshyf.biz/gfoedbghkpm

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://saytjshyf.biz/xwlxj
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://saytjshyf.biz/xwlxj

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://vcddkls.biz/mxtqm
                            http
                            alg.exe
                            1.4kB
                             665 B
                             6
                            6

                            HTTP Request

                            POST http://vcddkls.biz/mxtqm

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://vcddkls.biz/kpqcajpkkdaggvm
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             665 B
                             6
                            6

                            HTTP Request

                            POST http://vcddkls.biz/kpqcajpkkdaggvm

                            HTTP Response

                            200
                          • 172.234.222.143:80
                            http://fwiwk.biz/rstknsboieu
                            http
                            alg.exe
                            1.4kB
                             204 B
                             6
                            5

                            HTTP Request

                            POST http://fwiwk.biz/rstknsboieu
                          • 172.234.222.138:80
                            http://fwiwk.biz/syowluaqlk
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             204 B
                             6
                            5

                            HTTP Request

                            POST http://fwiwk.biz/syowluaqlk
                          • 172.234.222.143:80
                            http://fwiwk.biz/n
                            http
                            alg.exe
                            1.4kB
                             164 B
                             6
                            4

                            HTTP Request

                            POST http://fwiwk.biz/n
                          • 172.234.222.138:80
                            http://fwiwk.biz/djufuhcmakwixlp
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             164 B
                             6
                            4

                            HTTP Request

                            POST http://fwiwk.biz/djufuhcmakwixlp
                          • 34.246.200.160:80
                            http://tbjrpv.biz/defbnmeqecjkmjm
                            http
                            alg.exe
                            1.4kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://tbjrpv.biz/defbnmeqecjkmjm

                            HTTP Response

                            200
                          • 34.246.200.160:80
                            http://tbjrpv.biz/cucubtvcph
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://tbjrpv.biz/cucubtvcph

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://deoci.biz/cpsjsaxgtx
                            http
                            alg.exe
                            1.4kB
                             663 B
                             6
                            6

                            HTTP Request

                            POST http://deoci.biz/cpsjsaxgtx

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://deoci.biz/rvesbcul
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://deoci.biz/rvesbcul

                            HTTP Response

                            200
                          • 208.100.26.245:80
                            http://gjogvvpsf.biz/lelnyvpbgh
                            http
                            alg.exe
                            8.7kB
                             5.1kB
                             18
                            15

                            HTTP Request

                            POST http://gytujflc.biz/iiyv

                            HTTP Response

                            404

                            HTTP Request

                            POST http://gytujflc.biz/ssfelnsu

                            HTTP Response

                            404

                            HTTP Request

                            POST http://yunalwv.biz/ddvdwvjtu

                            HTTP Response

                            404

                            HTTP Request

                            POST http://yunalwv.biz/ipcqka

                            HTTP Response

                            404

                            HTTP Request

                            POST http://gjogvvpsf.biz/fqvlxvdluiifxvs

                            HTTP Response

                            404

                            HTTP Request

                            POST http://gjogvvpsf.biz/lelnyvpbgh

                            HTTP Response

                            404
                          • 208.100.26.245:80
                            http://gjogvvpsf.biz/npgvnstloxfg
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            10.9kB
                             5.0kB
                             19
                            13

                            HTTP Request

                            POST http://gytujflc.biz/ugmlaoyeleloa

                            HTTP Response

                            404

                            HTTP Request

                            POST http://gytujflc.biz/hugeiokoxcptpjk

                            HTTP Response

                            404

                            HTTP Request

                            POST http://yunalwv.biz/knivkmk

                            HTTP Response

                            404

                            HTTP Request

                            POST http://yunalwv.biz/hanj

                            HTTP Response

                            404

                            HTTP Request

                            POST http://gjogvvpsf.biz/afmkcolslr

                            HTTP Response

                            404

                            HTTP Request

                            POST http://gjogvvpsf.biz/npgvnstloxfg

                            HTTP Response

                            404
                          • 13.251.16.150:80
                            http://qaynky.biz/apcourhqgfqykxxu
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://qaynky.biz/apcourhqgfqykxxu

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://qaynky.biz/xwrybcwctknxj
                            http
                            alg.exe
                            1.4kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://qaynky.biz/xwrybcwctknxj

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://bumxkqgxu.biz/yhwcfkyhkvuaogxm
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://bumxkqgxu.biz/yhwcfkyhkvuaogxm

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://dwrqljrr.biz/ptekefawhrt
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://dwrqljrr.biz/ptekefawhrt

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://bumxkqgxu.biz/ngcxrbn
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://bumxkqgxu.biz/ngcxrbn

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://dwrqljrr.biz/snyh
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://dwrqljrr.biz/snyh

                            HTTP Response

                            200
                          • 35.164.78.200:80
                            http://nqwjmb.biz/ywrimlvplh
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://nqwjmb.biz/ywrimlvplh

                            HTTP Response

                            200
                          • 3.94.10.34:80
                            http://ytctnunms.biz/gkoj
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             667 B
                             6
                            6

                            HTTP Request

                            POST http://ytctnunms.biz/gkoj

                            HTTP Response

                            200
                          • 35.164.78.200:80
                            http://nqwjmb.biz/njb
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://nqwjmb.biz/njb

                            HTTP Response

                            200
                          • 165.160.15.20:80
                            http://myups.biz/pbte
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            2.9kB
                             708 B
                             9
                            9

                            HTTP Request

                            POST http://myups.biz/xtpecajk

                            HTTP Response

                            200

                            HTTP Request

                            POST http://myups.biz/pbte

                            HTTP Response

                            200
                          • 3.94.10.34:80
                            http://ytctnunms.biz/em
                            http
                            alg.exe
                            1.4kB
                             667 B
                             6
                            6

                            HTTP Request

                            POST http://ytctnunms.biz/em

                            HTTP Response

                            200
                          • 165.160.15.20:80
                            http://myups.biz/kuobowsuptvqws
                            http
                            alg.exe
                            2.7kB
                             708 B
                             10
                            9

                            HTTP Request

                            POST http://myups.biz/rfaucnmnjyb

                            HTTP Response

                            200

                            HTTP Request

                            POST http://myups.biz/kuobowsuptvqws

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://oshhkdluh.biz/vtyilrynbiurjw
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://oshhkdluh.biz/vtyilrynbiurjw

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://oshhkdluh.biz/lpxxgdnybkikrx
                            http
                            alg.exe
                            1.4kB
                             667 B
                             6
                            6

                            HTTP Request

                            POST http://oshhkdluh.biz/lpxxgdnybkikrx

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://jpskm.biz/hnkts
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             663 B
                             6
                            6

                            HTTP Request

                            POST http://jpskm.biz/hnkts

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://jpskm.biz/aexbxeb
                            http
                            alg.exe
                            1.4kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://jpskm.biz/aexbxeb

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://lrxdmhrr.biz/nihcttpsrtssdav
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://lrxdmhrr.biz/nihcttpsrtssdav

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://lrxdmhrr.biz/srw
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://lrxdmhrr.biz/srw

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://wllvnzb.biz/gpxarmmnshx
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://wllvnzb.biz/gpxarmmnshx

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://wllvnzb.biz/q
                            http
                            alg.exe
                            1.4kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://wllvnzb.biz/q

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://gnqgo.biz/uyuudy
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://gnqgo.biz/uyuudy

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://jhvzpcfg.biz/qclnceimjug
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://jhvzpcfg.biz/qclnceimjug

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://gnqgo.biz/oojbpivt
                            http
                            alg.exe
                            1.4kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://gnqgo.biz/oojbpivt

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://acwjcqqv.biz/euqss
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://acwjcqqv.biz/euqss

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://jhvzpcfg.biz/rsymoohuvpaidq
                            http
                            alg.exe
                            1.4kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://jhvzpcfg.biz/rsymoohuvpaidq

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://acwjcqqv.biz/xleyxpy
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://acwjcqqv.biz/xleyxpy

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://vyome.biz/rvcudxaquj
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://vyome.biz/rvcudxaquj

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://yauexmxk.biz/eohh
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://yauexmxk.biz/eohh

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://vyome.biz/dmrfxiivpktrh
                            http
                            alg.exe
                            1.4kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://vyome.biz/dmrfxiivpktrh

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://iuzpxe.biz/khmlcsdtqnjmjw
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://iuzpxe.biz/khmlcsdtqnjmjw

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://yauexmxk.biz/jxwkncs
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://yauexmxk.biz/jxwkncs

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://iuzpxe.biz/w
                            http
                            alg.exe
                            1.4kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://iuzpxe.biz/w

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://sxmiywsfv.biz/gskykfftsrjchlc
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://sxmiywsfv.biz/gskykfftsrjchlc

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://sxmiywsfv.biz/opwchndwpfsyedru
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://sxmiywsfv.biz/opwchndwpfsyedru

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://vrrazpdh.biz/djgpgpoue
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://vrrazpdh.biz/djgpgpoue

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://vrrazpdh.biz/mkwdcln
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://vrrazpdh.biz/mkwdcln

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://ftxlah.biz/cpeu
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://ftxlah.biz/cpeu

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://ftxlah.biz/a
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://ftxlah.biz/a

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://typgfhb.biz/tprh
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://typgfhb.biz/tprh

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://typgfhb.biz/sasclqufbywml
                            http
                            alg.exe
                            1.4kB
                             665 B
                             6
                            6

                            HTTP Request

                            POST http://typgfhb.biz/sasclqufbywml

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://esuzf.biz/usqxigvrskeopvnq
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             663 B
                             6
                            6

                            HTTP Request

                            POST http://esuzf.biz/usqxigvrskeopvnq

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://esuzf.biz/eshmecvauvtxi
                            http
                            alg.exe
                            1.4kB
                             663 B
                             6
                            6

                            HTTP Request

                            POST http://esuzf.biz/eshmecvauvtxi

                            HTTP Response

                            200
                          • 3.94.10.34:80
                            http://gvijgjwkh.biz/bfnargjgej
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://gvijgjwkh.biz/bfnargjgej

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://qpnczch.biz/hxsl
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             665 B
                             6
                            6

                            HTTP Request

                            POST http://qpnczch.biz/hxsl

                            HTTP Response

                            200
                          • 3.94.10.34:80
                            http://gvijgjwkh.biz/tvbgepioqlyu
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://gvijgjwkh.biz/tvbgepioqlyu

                            HTTP Response

                            200
                          • 3.254.94.185:80
                            http://brsua.biz/tqxqqslqyoasfo
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://brsua.biz/tqxqqslqyoasfo

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://qpnczch.biz/xy
                            http
                            alg.exe
                            1.4kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://qpnczch.biz/xy

                            HTTP Response

                            200
                          • 85.214.228.140:80
                            http://dlynankz.biz/acdchtw
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             378 B
                             5
                            5

                            HTTP Request

                            POST http://dlynankz.biz/acdchtw

                            HTTP Response

                            404
                          • 3.254.94.185:80
                            http://brsua.biz/droemwlacai
                            http
                            alg.exe
                            1.4kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://brsua.biz/droemwlacai

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://oflybfv.biz/ugyjbfjaipfwos
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://oflybfv.biz/ugyjbfjaipfwos

                            HTTP Response

                            200
                          • 85.214.228.140:80
                            http://dlynankz.biz/aarjmedjtq
                            http
                            alg.exe
                            1.4kB
                             378 B
                             5
                            5

                            HTTP Request

                            POST http://dlynankz.biz/aarjmedjtq

                            HTTP Response

                            404
                          • 47.129.31.212:80
                            http://oflybfv.biz/mnkctdhsgoy
                            http
                            alg.exe
                            1.4kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://oflybfv.biz/mnkctdhsgoy

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://yhqqc.biz/dqvvtjbyj
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://yhqqc.biz/dqvvtjbyj

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://yhqqc.biz/uxavnh
                            http
                            alg.exe
                            1.4kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://yhqqc.biz/uxavnh

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://mnjmhp.biz/cwubl
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://mnjmhp.biz/cwubl

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://mnjmhp.biz/ratqg
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://mnjmhp.biz/ratqg

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://opowhhece.biz/arucfibjtqjr
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://opowhhece.biz/arucfibjtqjr

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://jdhhbs.biz/siowtpjhdwsoavm
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://jdhhbs.biz/siowtpjhdwsoavm

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://opowhhece.biz/l
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://opowhhece.biz/l

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://jdhhbs.biz/tewiebgqmfrscamn
                            http
                            alg.exe
                            1.4kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://jdhhbs.biz/tewiebgqmfrscamn

                            HTTP Response

                            200
                          • 34.246.200.160:80
                            http://mgmsclkyu.biz/brmjfbtnfe
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://mgmsclkyu.biz/brmjfbtnfe

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://warkcdu.biz/nkrv
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://warkcdu.biz/nkrv

                            HTTP Response

                            200
                          • 34.246.200.160:80
                            http://mgmsclkyu.biz/chmdpfrwnmx
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://mgmsclkyu.biz/chmdpfrwnmx

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://warkcdu.biz/yppaxnpge
                            http
                            alg.exe
                            1.4kB
                             657 B
                             7
                            6

                            HTTP Request

                            POST http://warkcdu.biz/yppaxnpge

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://gcedd.biz/hnqmwafjuiqgpytd
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             575 B
                             6
                            4

                            HTTP Request

                            POST http://gcedd.biz/hnqmwafjuiqgpytd

                            HTTP Response

                            200
                          • 13.251.16.150:80
                            http://gcedd.biz/ssoxy
                            http
                            alg.exe
                            1.4kB
                             655 B
                             7
                            6

                            HTTP Request

                            POST http://gcedd.biz/ssoxy

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://jwkoeoqns.biz/ggkaarwyyxthmhb
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://jwkoeoqns.biz/ggkaarwyyxthmhb

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://xccjj.biz/mxqeqlirn
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.6kB
                             655 B
                             7
                            6

                            HTTP Request

                            POST http://xccjj.biz/mxqeqlirn

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://jwkoeoqns.biz/rkie
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://jwkoeoqns.biz/rkie

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://hehckyov.biz/iwdhcdwntxlgjkqn
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.6kB
                             666 B
                             7
                            6

                            HTTP Request

                            POST http://hehckyov.biz/iwdhcdwntxlgjkqn

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://xccjj.biz/efoj
                            http
                            alg.exe
                            2.6kB
                             615 B
                             7
                            5

                            HTTP Request

                            POST http://xccjj.biz/efoj

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://hehckyov.biz/bfljscomrujq
                            http
                            alg.exe
                            1.4kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://hehckyov.biz/bfljscomrujq

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://rynmcq.biz/gxqncv
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://rynmcq.biz/gxqncv

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://rynmcq.biz/culudnswhdouf
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://rynmcq.biz/culudnswhdouf

                            HTTP Response

                            200
                          • 3.254.94.185:80
                            http://uaafd.biz/ebci
                            http
                            alg.exe
                            1.4kB
                             655 B
                             7
                            6

                            HTTP Request

                            POST http://uaafd.biz/ebci

                            HTTP Response

                            200
                          • 3.254.94.185:80
                            http://uaafd.biz/axfovtgkdsu
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.6kB
                             655 B
                             7
                            6

                            HTTP Request

                            POST http://uaafd.biz/axfovtgkdsu

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://eufxebus.biz/sscypxjmlvvpc
                            http
                            alg.exe
                            1.4kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://eufxebus.biz/sscypxjmlvvpc

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://eufxebus.biz/bycqlugqcp
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            2.8kB
                             618 B
                             7
                            5

                            HTTP Request

                            POST http://eufxebus.biz/bycqlugqcp

                            HTTP Response

                            200
                          • 34.246.200.160:80
                            http://pwlqfu.biz/adytcjul
                            http
                            alg.exe
                            1.4kB
                             656 B
                             7
                            6

                            HTTP Request

                            POST http://pwlqfu.biz/adytcjul

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://rrqafepng.biz/efuryreofqoa
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://rrqafepng.biz/efuryreofqoa

                            HTTP Response

                            200
                          • 34.246.200.160:80
                            http://pwlqfu.biz/suipywt
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             624 B
                             6
                            5

                            HTTP Request

                            POST http://pwlqfu.biz/suipywt

                            HTTP Response

                            200
                          • 3.94.10.34:80
                            http://ctdtgwag.biz/depxcjvmjnsh
                            http
                            alg.exe
                            1.5kB
                             658 B
                             7
                            6

                            HTTP Request

                            POST http://ctdtgwag.biz/depxcjvmjnsh

                            HTTP Response

                            200
                          • 47.129.31.212:80
                            http://rrqafepng.biz/tvmqpx
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.6kB
                             659 B
                             7
                            6

                            HTTP Request

                            POST http://rrqafepng.biz/tvmqpx

                            HTTP Response

                            200
                          • 3.94.10.34:80
                            http://ctdtgwag.biz/tumj
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             666 B
                             6
                            6

                            HTTP Request

                            POST http://ctdtgwag.biz/tumj

                            HTTP Response

                            200
                          • 35.164.78.200:80
                            http://tnevuluw.biz/fjswapq
                            http
                            alg.exe
                            1.4kB
                             578 B
                             7
                            4

                            HTTP Request

                            POST http://tnevuluw.biz/fjswapq

                            HTTP Response

                            200
                          • 35.164.78.200:80
                            http://tnevuluw.biz/wxccpyvxfw
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.6kB
                             658 B
                             7
                            6

                            HTTP Request

                            POST http://tnevuluw.biz/wxccpyvxfw

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://whjovd.biz/tdckgkcvgmstbjeq
                            http
                            alg.exe
                            1.6kB
                             664 B
                             9
                            6

                            HTTP Request

                            POST http://whjovd.biz/tdckgkcvgmstbjeq

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://whjovd.biz/bfywrvtchcr
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://whjovd.biz/bfywrvtchcr

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://reczwga.biz/okwlfxpqsirhq
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            2.9kB
                             625 B
                             8
                            5

                            HTTP Request

                            POST http://reczwga.biz/okwlfxpqsirhq

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://bghjpy.biz/byhanqlwpbwtj
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.7kB
                             664 B
                             9
                            6

                            HTTP Request

                            POST http://bghjpy.biz/byhanqlwpbwtj

                            HTTP Response

                            200
                          • 172.217.169.35:443
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            tls, http2
                            chrome.exe
                            3.3kB
                             7.1kB
                             19
                            17

                            HTTP Request

                            POST https://beacons.gcp.gvt2.com/domainreliability/upload

                            HTTP Request

                            POST https://beacons.gcp.gvt2.com/domainreliability/upload
                          • 172.217.169.35:443
                            beacons.gcp.gvt2.com
                            tls
                            chrome.exe
                            931 B
                             4.6kB
                             9
                            7
                          • 172.217.16.238:443
                            clients2.google.com
                            tls, http2
                            chrome.exe
                            959 B
                             8.0kB
                             8
                            8
                          • 44.221.84.105:80
                            http://reczwga.biz/cqfjao
                            http
                            alg.exe
                            2.6kB
                             577 B
                             8
                            4

                            HTTP Request

                            POST http://reczwga.biz/cqfjao

                            HTTP Response

                            200
                          • 34.211.97.45:80
                            http://bghjpy.biz/adrfewgxgh
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://bghjpy.biz/adrfewgxgh

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://damcprvgv.biz/umpcleptywthbnff
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            2.9kB
                             619 B
                             9
                            5

                            HTTP Request

                            POST http://damcprvgv.biz/umpcleptywthbnff

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://damcprvgv.biz/uybsaakqvq
                            http
                            alg.exe
                            1.4kB
                             659 B
                             6
                            6

                            HTTP Request

                            POST http://damcprvgv.biz/uybsaakqvq

                            HTTP Response

                            200
                          • 3.254.94.185:80
                            http://ocsvqjg.biz/sadqihca
                            http
                            alg.exe
                            1.4kB
                             665 B
                             6
                            6

                            HTTP Request

                            POST http://ocsvqjg.biz/sadqihca

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://ywffr.biz/tbhrxic
                            http
                            alg.exe
                            1.4kB
                             663 B
                             6
                            6

                            HTTP Request

                            POST http://ywffr.biz/tbhrxic

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://ecxbwt.biz/rettx
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://ecxbwt.biz/rettx

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://pectx.biz/gxdaeqiteiqrcq
                            http
                            alg.exe
                            1.4kB
                             615 B
                             6
                            5

                            HTTP Request

                            POST http://pectx.biz/gxdaeqiteiqrcq

                            HTTP Response

                            200
                          • 3.254.94.185:80
                            http://ocsvqjg.biz/djnykxjviajcto
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             657 B
                             6
                            6

                            HTTP Request

                            POST http://ocsvqjg.biz/djnykxjviajcto

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://zyiexezl.biz/icgyvwdenb
                            http
                            alg.exe
                            1.5kB
                             658 B
                             8
                            6

                            HTTP Request

                            POST http://zyiexezl.biz/icgyvwdenb

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://ywffr.biz/aqpwkfbfaxuw
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             663 B
                             6
                            6

                            HTTP Request

                            POST http://ywffr.biz/aqpwkfbfaxuw

                            HTTP Response

                            200
                          • 54.244.188.177:80
                            http://ecxbwt.biz/rxociywa
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.6kB
                             656 B
                             7
                            6

                            HTTP Request

                            POST http://ecxbwt.biz/rxociywa

                            HTTP Response

                            200
                          • 44.213.104.86:80
                            http://pectx.biz/nubxdkcvgrgmc
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             655 B
                             6
                            6

                            HTTP Request

                            POST http://pectx.biz/nubxdkcvgrgmc

                            HTTP Response

                            200
                          • 18.208.156.248:80
                            http://zyiexezl.biz/bngjmen
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             658 B
                             6
                            6

                            HTTP Request

                            POST http://zyiexezl.biz/bngjmen

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://banwyw.biz/qviht
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://banwyw.biz/qviht

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://zrlssa.biz/xnwhvvvqaouqa
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://zrlssa.biz/xnwhvvvqaouqa

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://banwyw.biz/ntiplwsunvu
                            http
                            alg.exe
                            1.4kB
                             656 B
                             6
                            6

                            HTTP Request

                            POST http://banwyw.biz/ntiplwsunvu

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://jlqltsjvh.biz/smbpwv
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             619 B
                             6
                            5

                            HTTP Request

                            POST http://jlqltsjvh.biz/smbpwv

                            HTTP Response

                            200
                          • 44.221.84.105:80
                            http://zrlssa.biz/ebydysklp
                            http
                            alg.exe
                            1.4kB
                             664 B
                             6
                            6

                            HTTP Request

                            POST http://zrlssa.biz/ebydysklp

                            HTTP Response

                            200
                          • 18.141.10.107:80
                            http://jlqltsjvh.biz/tcbigbj
                            http
                            alg.exe
                            1.3kB
                             44 B
                             4
                            1

                            HTTP Request

                            POST http://jlqltsjvh.biz/tcbigbj
                          • 18.208.156.248:80
                            http://xyrgy.biz/dxwyohf
                            http
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            1.5kB
                             615 B
                             6
                            5

                            HTTP Request

                            POST http://xyrgy.biz/dxwyohf

                            HTTP Response

                            200
                          • 172.234.222.143:80
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                          • 18.208.156.248:80
                            alg.exe
                          • 172.234.222.143:80
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                          • 172.234.222.138:80
                            alg.exe
                          • 54.244.188.177:80
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                          • 172.234.222.138:80
                            alg.exe
                          • 8.8.8.8:53
                            pywolwnvd.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            pywolwnvd.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            ssbzmoy.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            ssbzmoy.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            177.188.244.54.in-addr.arpa
                            dns
                            73 B
                             137 B
                             1
                            1

                            DNS Request

                            177.188.244.54.in-addr.arpa

                          • 8.8.8.8:53
                            107.10.141.18.in-addr.arpa
                            dns
                            72 B
                             140 B
                             1
                            1

                            DNS Request

                            107.10.141.18.in-addr.arpa

                          • 8.8.8.8:53
                            cvgrf.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            cvgrf.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            www.google.com
                            dns
                            chrome.exe
                            60 B
                             76 B
                             1
                            1

                            DNS Request

                            www.google.com

                            DNS Response

                            142.250.180.4

                          • 8.8.8.8:53
                            3.178.250.142.in-addr.arpa
                            dns
                            72 B
                             110 B
                             1
                            1

                            DNS Request

                            3.178.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            10.178.250.142.in-addr.arpa
                            dns
                            73 B
                             112 B
                             1
                            1

                            DNS Request

                            10.178.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            npukfztj.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            npukfztj.biz

                            DNS Response

                            44.221.84.105

                          • 142.250.180.4:443
                            www.google.com
                            https
                            chrome.exe
                            4.2kB
                             14.2kB
                             17
                            19
                          • 8.8.8.8:53
                            przvgke.biz
                            dns
                            alg.exe
                            57 B
                             89 B
                             1
                            1

                            DNS Request

                            przvgke.biz

                            DNS Response

                            172.234.222.138
                            172.234.222.143

                          • 8.8.8.8:53
                            105.84.221.44.in-addr.arpa
                            dns
                            72 B
                             127 B
                             1
                            1

                            DNS Request

                            105.84.221.44.in-addr.arpa

                          • 8.8.8.8:53
                            zlenh.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             117 B
                             1
                            1

                            DNS Request

                            zlenh.biz

                          • 8.8.8.8:53
                            knjghuig.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            knjghuig.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            138.222.234.172.in-addr.arpa
                            dns
                            74 B
                             128 B
                             1
                            1

                            DNS Request

                            138.222.234.172.in-addr.arpa

                          • 8.8.8.8:53
                            uhxqin.biz
                            dns
                            alg.exe
                            56 B
                             118 B
                             1
                            1

                            DNS Request

                            uhxqin.biz

                          • 8.8.8.8:53
                            anpmnmxo.biz
                            dns
                            alg.exe
                            58 B
                             120 B
                             1
                            1

                            DNS Request

                            anpmnmxo.biz

                          • 8.8.8.8:53
                            lpuegx.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            lpuegx.biz

                            DNS Response

                            82.112.184.197

                          • 8.8.8.8:53
                            clients2.google.com
                            dns
                            chrome.exe
                            65 B
                             105 B
                             1
                            1

                            DNS Request

                            clients2.google.com

                            DNS Response

                            172.217.16.238

                          • 172.217.16.238:443
                            clients2.google.com
                            https
                            chrome.exe
                            3.7kB
                             8.0kB
                             10
                            11
                          • 224.0.0.251:5353
                            chrome.exe
                            204 B
                             3
                          • 8.8.8.8:53
                            238.16.217.172.in-addr.arpa
                            dns
                            73 B
                             142 B
                             1
                            1

                            DNS Request

                            238.16.217.172.in-addr.arpa

                          • 8.8.8.8:53
                            76.32.126.40.in-addr.arpa
                            dns
                            71 B
                             157 B
                             1
                            1

                            DNS Request

                            76.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            88.156.103.20.in-addr.arpa
                            dns
                            72 B
                             158 B
                             1
                            1

                            DNS Request

                            88.156.103.20.in-addr.arpa

                          • 8.8.8.8:53
                            26.165.165.52.in-addr.arpa
                            dns
                            72 B
                             146 B
                             1
                            1

                            DNS Request

                            26.165.165.52.in-addr.arpa

                          • 8.8.8.8:53
                            206.23.85.13.in-addr.arpa
                            dns
                            71 B
                             145 B
                             1
                            1

                            DNS Request

                            206.23.85.13.in-addr.arpa

                          • 8.8.8.8:53
                            192.142.123.92.in-addr.arpa
                            dns
                            73 B
                             139 B
                             1
                            1

                            DNS Request

                            192.142.123.92.in-addr.arpa

                          • 8.8.8.8:53
                            vjaxhpbji.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            vjaxhpbji.biz

                            DNS Response

                            82.112.184.197

                          • 8.8.8.8:53
                            240.221.184.93.in-addr.arpa
                            dns
                            73 B
                             144 B
                             1
                            1

                            DNS Request

                            240.221.184.93.in-addr.arpa

                          • 8.8.8.8:53
                            xlfhhhm.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            xlfhhhm.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            xlfhhhm.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            xlfhhhm.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            ifsaia.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            ifsaia.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            ifsaia.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            ifsaia.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            saytjshyf.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            saytjshyf.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            saytjshyf.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            saytjshyf.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            vcddkls.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            vcddkls.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            212.31.129.47.in-addr.arpa
                            dns
                            72 B
                             140 B
                             1
                            1

                            DNS Request

                            212.31.129.47.in-addr.arpa

                          • 8.8.8.8:53
                            vcddkls.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            vcddkls.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            fwiwk.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             87 B
                             1
                            1

                            DNS Request

                            fwiwk.biz

                            DNS Response

                            172.234.222.143
                            172.234.222.138

                          • 8.8.8.8:53
                            150.16.251.13.in-addr.arpa
                            dns
                            72 B
                             140 B
                             1
                            1

                            DNS Request

                            150.16.251.13.in-addr.arpa

                          • 8.8.8.8:53
                            fwiwk.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             87 B
                             1
                            1

                            DNS Request

                            fwiwk.biz

                            DNS Response

                            172.234.222.138
                            172.234.222.143

                          • 8.8.8.8:53
                            tbjrpv.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            tbjrpv.biz

                            DNS Response

                            34.246.200.160

                          • 8.8.8.8:53
                            tbjrpv.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            tbjrpv.biz

                            DNS Response

                            34.246.200.160

                          • 8.8.8.8:53
                            deoci.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            deoci.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            deoci.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            deoci.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            gytujflc.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            gytujflc.biz

                            DNS Response

                            208.100.26.245

                          • 8.8.8.8:53
                            gytujflc.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            gytujflc.biz

                            DNS Response

                            208.100.26.245

                          • 8.8.8.8:53
                            qaynky.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            qaynky.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            143.222.234.172.in-addr.arpa
                            dns
                            74 B
                             128 B
                             1
                            1

                            DNS Request

                            143.222.234.172.in-addr.arpa

                          • 8.8.8.8:53
                            160.200.246.34.in-addr.arpa
                            dns
                            146 B
                             274 B
                             2
                            2

                            DNS Request

                            160.200.246.34.in-addr.arpa

                            DNS Request

                            160.200.246.34.in-addr.arpa

                          • 8.8.8.8:53
                            248.156.208.18.in-addr.arpa
                            dns
                            73 B
                             129 B
                             1
                            1

                            DNS Request

                            248.156.208.18.in-addr.arpa

                          • 8.8.8.8:53
                            qaynky.biz
                            dns
                            alg.exe
                            112 B
                             144 B
                             2
                            2

                            DNS Request

                            qaynky.biz

                            DNS Request

                            qaynky.biz

                            DNS Response

                            13.251.16.150

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            bumxkqgxu.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            bumxkqgxu.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            245.26.100.208.in-addr.arpa
                            dns
                            73 B
                             127 B
                             1
                            1

                            DNS Request

                            245.26.100.208.in-addr.arpa

                          • 8.8.8.8:53
                            dwrqljrr.biz
                            dns
                            alg.exe
                            116 B
                             148 B
                             2
                            2

                            DNS Request

                            dwrqljrr.biz

                            DNS Request

                            dwrqljrr.biz

                            DNS Response

                            54.244.188.177

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            bumxkqgxu.biz
                            dns
                            alg.exe
                            118 B
                             150 B
                             2
                            2

                            DNS Request

                            bumxkqgxu.biz

                            DNS Request

                            bumxkqgxu.biz

                            DNS Response

                            44.221.84.105

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            dwrqljrr.biz
                            dns
                            alg.exe
                            116 B
                             74 B
                             2
                            1

                            DNS Request

                            dwrqljrr.biz

                            DNS Request

                            dwrqljrr.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            nqwjmb.biz
                            dns
                            alg.exe
                            112 B
                             72 B
                             2
                            1

                            DNS Request

                            nqwjmb.biz

                            DNS Request

                            nqwjmb.biz

                            DNS Response

                            35.164.78.200

                          • 8.8.8.8:53
                            nqwjmb.biz
                            dns
                            alg.exe
                            112 B
                             72 B
                             2
                            1

                            DNS Request

                            nqwjmb.biz

                            DNS Request

                            nqwjmb.biz

                            DNS Response

                            35.164.78.200

                          • 8.8.8.8:53
                            ytctnunms.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            ytctnunms.biz

                            DNS Response

                            3.94.10.34

                          • 8.8.8.8:53
                            myups.biz
                            dns
                            alg.exe
                            55 B
                             87 B
                             1
                            1

                            DNS Request

                            myups.biz

                            DNS Response

                            165.160.15.20
                            165.160.13.20

                          • 8.8.8.8:53
                            ytctnunms.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            ytctnunms.biz

                            DNS Response

                            3.94.10.34

                          • 8.8.8.8:53
                            200.78.164.35.in-addr.arpa
                            dns
                            72 B
                             135 B
                             1
                            1

                            DNS Request

                            200.78.164.35.in-addr.arpa

                          • 8.8.8.8:53
                            myups.biz
                            dns
                            alg.exe
                            55 B
                             87 B
                             1
                            1

                            DNS Request

                            myups.biz

                            DNS Response

                            165.160.15.20
                            165.160.13.20

                          • 8.8.8.8:53
                            oshhkdluh.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            oshhkdluh.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            oshhkdluh.biz
                            dns
                            alg.exe
                            118 B
                             150 B
                             2
                            2

                            DNS Request

                            oshhkdluh.biz

                            DNS Request

                            oshhkdluh.biz

                            DNS Response

                            54.244.188.177

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            yunalwv.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            yunalwv.biz

                            DNS Request

                            yunalwv.biz

                            DNS Response

                            208.100.26.245

                            DNS Response

                            208.100.26.245

                          • 8.8.8.8:53
                            34.10.94.3.in-addr.arpa
                            dns
                            69 B
                             121 B
                             1
                            1

                            DNS Request

                            34.10.94.3.in-addr.arpa

                          • 8.8.8.8:53
                            20.15.160.165.in-addr.arpa
                            dns
                            72 B
                             146 B
                             1
                            1

                            DNS Request

                            20.15.160.165.in-addr.arpa

                          • 8.8.8.8:53
                            jpskm.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            jpskm.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            yunalwv.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            yunalwv.biz

                            DNS Response

                            208.100.26.245

                            DNS Request

                            warkcdu.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            jpskm.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            jpskm.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            lrxdmhrr.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            lrxdmhrr.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            lrxdmhrr.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            lrxdmhrr.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            wllvnzb.biz
                            dns
                            alg.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            wllvnzb.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            wllvnzb.biz
                            dns
                            alg.exe
                            169 B
                             145 B
                             3
                            2

                            DNS Request

                            wllvnzb.biz

                            DNS Response

                            18.141.10.107

                            DNS Request

                            whjovd.biz

                            DNS Request

                            whjovd.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            45.97.211.34.in-addr.arpa
                            dns
                            71 B
                             133 B
                             1
                            1

                            DNS Request

                            45.97.211.34.in-addr.arpa

                          • 8.8.8.8:53
                            gnqgo.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            gnqgo.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            jhvzpcfg.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            jhvzpcfg.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            gnqgo.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            gnqgo.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            acwjcqqv.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            acwjcqqv.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            jhvzpcfg.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            jhvzpcfg.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            acwjcqqv.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            acwjcqqv.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            lejtdj.biz
                            dns
                            alg.exe
                            56 B
                             118 B
                             1
                            1

                            DNS Request

                            lejtdj.biz

                          • 8.8.8.8:53
                            vyome.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            vyome.biz

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            yauexmxk.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            yauexmxk.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            lejtdj.biz
                            dns
                            alg.exe
                            112 B
                             236 B
                             2
                            2

                            DNS Request

                            lejtdj.biz

                            DNS Request

                            lejtdj.biz

                          • 8.8.8.8:53
                            vyome.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            vyome.biz

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            iuzpxe.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            iuzpxe.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            yauexmxk.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            yauexmxk.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            86.104.213.44.in-addr.arpa
                            dns
                            72 B
                             127 B
                             1
                            1

                            DNS Request

                            86.104.213.44.in-addr.arpa

                          • 8.8.8.8:53
                            iuzpxe.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            iuzpxe.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            sxmiywsfv.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            sxmiywsfv.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            sxmiywsfv.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            sxmiywsfv.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            vrrazpdh.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            vrrazpdh.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            vrrazpdh.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            vrrazpdh.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            ftxlah.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            ftxlah.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            ftxlah.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            ftxlah.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            typgfhb.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            typgfhb.biz

                            DNS Request

                            typgfhb.biz

                            DNS Response

                            13.251.16.150

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            typgfhb.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            typgfhb.biz

                            DNS Request

                            typgfhb.biz

                            DNS Response

                            13.251.16.150

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            esuzf.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            esuzf.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            esuzf.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            esuzf.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            gvijgjwkh.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            gvijgjwkh.biz

                            DNS Response

                            3.94.10.34

                          • 8.8.8.8:53
                            qpnczch.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            qpnczch.biz

                            DNS Request

                            qpnczch.biz

                            DNS Response

                            44.213.104.86

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            gvijgjwkh.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            gvijgjwkh.biz

                            DNS Response

                            3.94.10.34

                          • 8.8.8.8:53
                            brsua.biz
                            dns
                            alg.exe
                            110 B
                             142 B
                             2
                            2

                            DNS Request

                            brsua.biz

                            DNS Request

                            brsua.biz

                            DNS Response

                            3.254.94.185

                            DNS Response

                            3.254.94.185

                          • 8.8.8.8:53
                            qpnczch.biz
                            dns
                            alg.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            qpnczch.biz

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            dlynankz.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            dlynankz.biz

                            DNS Response

                            85.214.228.140

                          • 8.8.8.8:53
                            brsua.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            brsua.biz

                            DNS Response

                            3.254.94.185

                          • 8.8.8.8:53
                            oflybfv.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            oflybfv.biz

                            DNS Request

                            oflybfv.biz

                            DNS Response

                            47.129.31.212

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            dlynankz.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            dlynankz.biz

                            DNS Response

                            85.214.228.140

                          • 8.8.8.8:53
                            oflybfv.biz
                            dns
                            alg.exe
                            114 B
                             146 B
                             2
                            2

                            DNS Request

                            oflybfv.biz

                            DNS Request

                            oflybfv.biz

                            DNS Response

                            47.129.31.212

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            185.94.254.3.in-addr.arpa
                            dns
                            71 B
                             133 B
                             1
                            1

                            DNS Request

                            185.94.254.3.in-addr.arpa

                          • 8.8.8.8:53
                            140.228.214.85.in-addr.arpa
                            dns
                            73 B
                             112 B
                             1
                            1

                            DNS Request

                            140.228.214.85.in-addr.arpa

                          • 8.8.8.8:53
                            yhqqc.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            yhqqc.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            yhqqc.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            yhqqc.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            mnjmhp.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            mnjmhp.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            mnjmhp.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            mnjmhp.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            opowhhece.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            opowhhece.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            zjbpaao.biz
                            dns
                            alg.exe
                            57 B
                             119 B
                             1
                            1

                            DNS Request

                            zjbpaao.biz

                          • 8.8.8.8:53
                            jdhhbs.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            jdhhbs.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            opowhhece.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            opowhhece.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            zjbpaao.biz
                            dns
                            alg.exe
                            57 B
                             119 B
                             1
                            1

                            DNS Request

                            zjbpaao.biz

                          • 8.8.8.8:53
                            jdhhbs.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            jdhhbs.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            mgmsclkyu.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            mgmsclkyu.biz

                            DNS Response

                            34.246.200.160

                          • 8.8.8.8:53
                            mgmsclkyu.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            mgmsclkyu.biz

                            DNS Response

                            34.246.200.160

                          • 8.8.8.8:53
                            warkcdu.biz
                            dns
                            alg.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            warkcdu.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            gcedd.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            gcedd.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            gcedd.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            gcedd.biz

                            DNS Response

                            13.251.16.150

                          • 8.8.8.8:53
                            jwkoeoqns.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            jwkoeoqns.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            xccjj.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            xccjj.biz

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            jwkoeoqns.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            jwkoeoqns.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            hehckyov.biz
                            dns
                            alg.exe
                            116 B
                             74 B
                             2
                            1

                            DNS Request

                            hehckyov.biz

                            DNS Request

                            hehckyov.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            xccjj.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            xccjj.biz

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            hehckyov.biz
                            dns
                            alg.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            hehckyov.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            rynmcq.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            rynmcq.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            rynmcq.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            rynmcq.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            uaafd.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            uaafd.biz

                            DNS Response

                            3.254.94.185

                          • 8.8.8.8:53
                            uaafd.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            uaafd.biz

                            DNS Response

                            3.254.94.185

                          • 8.8.8.8:53
                            eufxebus.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            116 B
                             74 B
                             2
                            1

                            DNS Request

                            eufxebus.biz

                            DNS Request

                            eufxebus.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            eufxebus.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            116 B
                             148 B
                             2
                            2

                            DNS Request

                            eufxebus.biz

                            DNS Request

                            eufxebus.biz

                            DNS Response

                            18.141.10.107

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            pwlqfu.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            112 B
                             144 B
                             2
                            2

                            DNS Request

                            pwlqfu.biz

                            DNS Request

                            pwlqfu.biz

                            DNS Response

                            34.246.200.160

                            DNS Response

                            34.246.200.160

                          • 8.8.8.8:53
                            rrqafepng.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            118 B
                             75 B
                             2
                            1

                            DNS Request

                            rrqafepng.biz

                            DNS Request

                            rrqafepng.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            pwlqfu.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            pwlqfu.biz

                            DNS Response

                            34.246.200.160

                          • 8.8.8.8:53
                            ctdtgwag.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            ctdtgwag.biz

                            DNS Response

                            3.94.10.34

                          • 8.8.8.8:53
                            rrqafepng.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            118 B
                             75 B
                             2
                            1

                            DNS Request

                            rrqafepng.biz

                            DNS Request

                            rrqafepng.biz

                            DNS Response

                            47.129.31.212

                          • 8.8.8.8:53
                            tnevuluw.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            174 B
                             74 B
                             3
                            1

                            DNS Request

                            tnevuluw.biz

                            DNS Request

                            tnevuluw.biz

                            DNS Request

                            tnevuluw.biz

                            DNS Response

                            35.164.78.200

                          • 8.8.8.8:53
                            ctdtgwag.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            116 B
                             74 B
                             2
                            1

                            DNS Request

                            ctdtgwag.biz

                            DNS Request

                            ctdtgwag.biz

                            DNS Response

                            3.94.10.34

                          • 8.8.8.8:53
                            tnevuluw.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            tnevuluw.biz

                            DNS Response

                            35.164.78.200

                          • 8.8.8.8:53
                            whjovd.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            whjovd.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            gjogvvpsf.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            gjogvvpsf.biz

                            DNS Response

                            208.100.26.245

                          • 8.8.8.8:53
                            reczwga.biz
                            dns
                            alg.exe
                            114 B
                             73 B
                             2
                            1

                            DNS Request

                            reczwga.biz

                            DNS Request

                            reczwga.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            bghjpy.biz
                            dns
                            alg.exe
                            112 B
                             72 B
                             2
                            1

                            DNS Request

                            bghjpy.biz

                            DNS Request

                            bghjpy.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            gjogvvpsf.biz
                            dns
                            alg.exe
                            118 B
                             150 B
                             2
                            2

                            DNS Request

                            gjogvvpsf.biz

                            DNS Request

                            gjogvvpsf.biz

                            DNS Response

                            208.100.26.245

                            DNS Response

                            208.100.26.245

                          • 8.8.8.8:53
                            beacons.gcp.gvt2.com
                            dns
                            chrome.exe
                            132 B
                             224 B
                             2
                            2

                            DNS Request

                            beacons.gcp.gvt2.com

                            DNS Request

                            beacons.gcp.gvt2.com

                            DNS Response

                            172.217.169.35

                            DNS Response

                            172.217.169.35

                          • 8.8.8.8:53
                            reczwga.biz
                            dns
                            alg.exe
                            114 B
                             73 B
                             2
                            1

                            DNS Request

                            reczwga.biz

                            DNS Request

                            reczwga.biz

                            DNS Response

                            44.221.84.105

                          • 172.217.16.238:443
                            clients2.google.com
                            https
                            chrome.exe
                            3.4kB
                             9.1kB
                             10
                            12
                          • 8.8.8.8:53
                            35.169.217.172.in-addr.arpa
                            dns
                            146 B
                             222 B
                             2
                            2

                            DNS Request

                            35.169.217.172.in-addr.arpa

                            DNS Request

                            35.169.217.172.in-addr.arpa

                          • 8.8.8.8:53
                            bghjpy.biz
                            dns
                            alg.exe
                            112 B
                             72 B
                             2
                            1

                            DNS Request

                            bghjpy.biz

                            DNS Request

                            bghjpy.biz

                            DNS Response

                            34.211.97.45

                          • 8.8.8.8:53
                            damcprvgv.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            damcprvgv.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            damcprvgv.biz
                            dns
                            alg.exe
                            118 B
                             150 B
                             2
                            2

                            DNS Request

                            damcprvgv.biz

                            DNS Request

                            damcprvgv.biz

                            DNS Response

                            18.208.156.248

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            ocsvqjg.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            ocsvqjg.biz

                            DNS Response

                            3.254.94.185

                          • 8.8.8.8:53
                            ywffr.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            ywffr.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            ecxbwt.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            112 B
                             72 B
                             2
                            1

                            DNS Request

                            ecxbwt.biz

                            DNS Request

                            ecxbwt.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            pectx.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            110 B
                             142 B
                             2
                            2

                            DNS Request

                            pectx.biz

                            DNS Request

                            pectx.biz

                            DNS Response

                            44.213.104.86

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            zyiexezl.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            174 B
                             74 B
                             3
                            1

                            DNS Request

                            zyiexezl.biz

                            DNS Request

                            zyiexezl.biz

                            DNS Request

                            zyiexezl.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            ocsvqjg.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            57 B
                             73 B
                             1
                            1

                            DNS Request

                            ocsvqjg.biz

                            DNS Response

                            3.254.94.185

                          • 8.8.8.8:53
                            ywffr.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            ywffr.biz

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            ecxbwt.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            112 B
                             144 B
                             2
                            2

                            DNS Request

                            ecxbwt.biz

                            DNS Request

                            ecxbwt.biz

                            DNS Response

                            54.244.188.177

                            DNS Response

                            54.244.188.177

                          • 8.8.8.8:53
                            pectx.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            pectx.biz

                            DNS Response

                            44.213.104.86

                          • 8.8.8.8:53
                            zyiexezl.biz
                            dns
                            2024-07-05_35c7960e47fc63bdb17014366337a8be_ryuk.exe
                            58 B
                             74 B
                             1
                            1

                            DNS Request

                            zyiexezl.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            banwyw.biz
                            dns
                            alg.exe
                            56 B
                             72 B
                             1
                            1

                            DNS Request

                            banwyw.biz

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            muapr.biz
                            dns
                            alg.exe
                            110 B
                             117 B
                             2
                            1

                            DNS Request

                            muapr.biz

                            DNS Request

                            muapr.biz

                          • 8.8.8.8:53
                            wxgzshna.biz
                            dns
                            alg.exe
                            116 B
                             206 B
                             2
                            2

                            DNS Request

                            wxgzshna.biz

                            DNS Request

                            wxgzshna.biz

                            DNS Response

                            199.59.243.226

                            DNS Response

                            199.59.243.226

                          • 8.8.8.8:53
                            banwyw.biz
                            dns
                            alg.exe
                            112 B
                             144 B
                             2
                            2

                            DNS Request

                            banwyw.biz

                            DNS Request

                            banwyw.biz

                            DNS Response

                            44.221.84.105

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            zrlssa.biz
                            dns
                            alg.exe
                            112 B
                             144 B
                             2
                            2

                            DNS Request

                            zrlssa.biz

                            DNS Request

                            zrlssa.biz

                            DNS Response

                            44.221.84.105

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            jlqltsjvh.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            jlqltsjvh.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            muapr.biz
                            dns
                            alg.exe
                            110 B
                             234 B
                             2
                            2

                            DNS Request

                            muapr.biz

                            DNS Request

                            muapr.biz

                          • 8.8.8.8:53
                            wxgzshna.biz
                            dns
                            alg.exe
                            58 B
                             103 B
                             1
                            1

                            DNS Request

                            wxgzshna.biz

                            DNS Response

                            199.59.243.226

                          • 8.8.8.8:53
                            zrlssa.biz
                            dns
                            alg.exe
                            112 B
                             144 B
                             2
                            2

                            DNS Request

                            zrlssa.biz

                            DNS Request

                            zrlssa.biz

                            DNS Response

                            44.221.84.105

                            DNS Response

                            44.221.84.105

                          • 8.8.8.8:53
                            jlqltsjvh.biz
                            dns
                            alg.exe
                            59 B
                             75 B
                             1
                            1

                            DNS Request

                            jlqltsjvh.biz

                            DNS Response

                            18.141.10.107

                          • 8.8.8.8:53
                            xyrgy.biz
                            dns
                            alg.exe
                            55 B
                             71 B
                             1
                            1

                            DNS Request

                            xyrgy.biz

                            DNS Response

                            18.208.156.248

                          • 8.8.8.8:53
                            htwqzczce.biz
                            dns
                            alg.exe
                            59 B
                             1

                            DNS Request

                            htwqzczce.biz

                          • 8.8.8.8:53
                          • 8.8.8.8:53
                          • 8.8.8.8:53

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
                            Filesize

                            2.1MB

                            MD5

                            abdfb0abc16e884ec62e94b7b8602b30

                            SHA1

                            c59c94a451e27c04d5e272b498c92c402ca68f01

                            SHA256

                            a739b4e7ebfbbe1e5ac715f0b1d96630f7b69a1f51e1ce5c5f25c20587c2a149

                            SHA512

                            073a4d3f74d663aa18581832b7e359002ac8cbe75bb3330aa06bd3e7536fa87e3747e45e03bb6d39533a0e48c38973a72457cc8bad4432563557782c7e5e6e59

                            Download Submit

                          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                            Filesize

                            1.4MB

                            MD5

                            d04359cf72d42f6814addc58218c07fe

                            SHA1

                            a8e840ea9ee1ab65fde87d7efc701c80d7421eac

                            SHA256

                            e0759ac5de8c47f05a0c2a766886af01400f81d85299bdbfd5fd678b582a5041

                            SHA512

                            c0ad0ade9f78a3a97e510cc94093771e5f0d275d90bdb17e2f47f71d09c716950ad66656d26916e0a3afa7eb33cca5516b3ff3a300b65379e4ec386c5e2beb27

                            Download Submit

                          • C:\Program Files\7-Zip\7z.exe
                            Filesize

                            1.7MB

                            MD5

                            445ecf9f52ea7b2a75c741544ebb1858

                            SHA1

                            56afc90fce9b32b1062e13c347ed39f6e1d9d0cb

                            SHA256

                            4b8c5263fd8d26d2e8f75618d1ff79f7f8e0bab51ed5c2fd40c38b7419d79e07

                            SHA512

                            bffcdf7043c917191ea23c35105c12cf8e2d874534322c93a422661234e6ef1649e4df4889c5e3bdfc719cab610a7e13eaa174864fa3157eefe43adaff8fd22b

                            Download Submit

                          • C:\Program Files\7-Zip\7zFM.exe
                            Filesize

                            1.5MB

                            MD5

                            7b39265f1b1f676dc3cf08a89c1d4d7e

                            SHA1

                            2fb083ffd1d2367eddb07bec296ed4f1c2ce8777

                            SHA256

                            37b1c72ee46162bd468b77f76dfacff62e39a9511acb4654dc3ba31877b773e0

                            SHA512

                            0f6622f8130b7f45ec9afbc8dd254d484695d53d3b187d1a977b3b486fe6cb7efce7fa88bc6937016d86aa1fcb48f0e675b3213c182d721065ef063f64b6b1db

                            Download Submit

                          • C:\Program Files\7-Zip\7zG.exe
                            Filesize

                            1.2MB

                            MD5

                            fa2c92ee28946523e2446ab560ba8bc1

                            SHA1

                            f76788c9b0cddf82d6b7388502c7520896564142

                            SHA256

                            6cb4f29ffab1cc324d3ca2fda7ffa3ed7ca545543c72752c6e6b7e47deec81ff

                            SHA512

                            1feb2fed7cda94395d3ac962692aef68f00dcfe510306a3ab37301c2aedb6615dc667994ea8cb76b5f986b178b4bafd8b5d349be703289dad2c930e733c1b7e0

                            Download Submit

                          • C:\Program Files\7-Zip\Uninstall.exe
                            Filesize

                            1.2MB

                            MD5

                            359629c609f2ae785554ebfb7952f8e2

                            SHA1

                            32ac5d6c60f589dd9b7d17333b32276ddd19bfb3

                            SHA256

                            79c4cf658b35f95341732a95c2c7ca2ef454349d8a86611be6ee4d2acfc56751

                            SHA512

                            eb822a5f1be133468b2bf11c17f16f27f41bf89d60b2018b4daecfb926343609ad95b96158f41e83882dfb714b7fbb73d782e59adf637a5530cfb2acb27c05d2

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                            Filesize

                            1.4MB

                            MD5

                            a137eac90fd416227c38138976e1801c

                            SHA1

                            e77234419298f5b3ab21d474b90091c110d22aea

                            SHA256

                            26cf1f257dabd90568110c4e26c5c35d9fca3e811aa30162a91a9cfb38cfcad3

                            SHA512

                            f507856a9a68b4da38cc503aef7ba9a993d459291f10bebbc82adadd1577fe944fddadc480420bbe996c4de3bfc33f9486aa4d08358f973f41e38db9e9d46c8d

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                            Filesize

                            4.6MB

                            MD5

                            d1eec41b816d074150b02bac1713c8c0

                            SHA1

                            f4912eab74d73f694a1a516d88094537973421e5

                            SHA256

                            1e7cd9cbe48909c809ee73bfc0b3ade8037e2b9c5f427be54ce757dded8d2fe6

                            SHA512

                            7531f4afa4e0c1829941a93abfca878d38a498accfff5b8df6edad9c042ca1c79870fb49a67cd4f06e438a77dd172cefb47a0d21639b7fbbacb321f13d970549

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                            Filesize

                            1.5MB

                            MD5

                            9daebc68cc95d41238d53bd69e3bf05c

                            SHA1

                            918563691fe378e058fc0a55905e35657a026d26

                            SHA256

                            93e769759d0b76f70dcd26ce9ec33a4c174fd74721010226023cf2b33397a872

                            SHA512

                            f528ead53904da52f821a761fde224cfaf98afc5880c51f7977185c71ce144311167d1357391dcf15d6dc6217c083db14eb158c18b8065d7b7f56b6d28b04f7e

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                            Filesize

                            24.0MB

                            MD5

                            60496ede05cc3a6a5e048450198f2d73

                            SHA1

                            09b5dc9722287b292ba7ce6cf1599e1c75d8d135

                            SHA256

                            07309d45d15a03e6568ad60d9beac57bec781ba15d1b3c24384c41bf212f91b8

                            SHA512

                            33f6ff6b8c865e5026d87b43410aaf84e81292d006e14d6df72430cea044120b6e181136aed2ddd9609fe454be9bbdd518196bab6fd16e1dee75ced2fd8a05ed

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                            Filesize

                            2.7MB

                            MD5

                            156167b78d23fec4d6f1b5559d5ca3af

                            SHA1

                            9f84d331ca3209ab8c6f367d09cc34d13b32b882

                            SHA256

                            f1371a8cfba5c77461858e9f6cbddf57b8eb6b308ac728a580e424702f5d236d

                            SHA512

                            34d085014cd8a3377bb285af630ebcc90847cb76893818b5543264d29d943e989999d7381905b8710dcf9b77e34c4b653268415e228f7178a59b3fcfc755004b

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
                            Filesize

                            1.1MB

                            MD5

                            1455df0221b9f3e802f26620caea8fe8

                            SHA1

                            d91b73c1097802aa21fceb8450e9fec9409e9e8a

                            SHA256

                            cb216f3781d943a311d04dc67cc7f2d5449ccbe8cfd96a31dd8e0efe61c92b49

                            SHA512

                            f3cdd717becfe67e2167af25171ecc86fd36dd1ba248d16c4bde2f2bdbdf5c0864bd9f8af2370d9a30bcd3e86bdc4701c8990776a8934cf35649852d7cd80e7f

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
                            Filesize

                            1.4MB

                            MD5

                            d055df7ce91348f0a662a64caeec5d11

                            SHA1

                            3db3cb553a499a49ef107081719f5b7b93bda8d0

                            SHA256

                            682cbc9f4fcd60190b14ac81a6634764822c6b66f7c82b936e4c37d2e3c42eec

                            SHA512

                            69defae5b3754a8bfb142adda15f02052f480fa2f8e3b27423aaa17e3c2efe10c6802f1a2aac912e7b6f5753d3210abb024d397bb1505aa5de913695f414157d

                            Download Submit

                          • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
                            Filesize

                            1.2MB

                            MD5

                            bbf7d24c0531245d12c67490de92718b

                            SHA1

                            eb625af301d295030800130e3b4ae26f6ad306c9

                            SHA256

                            74809e43b3c3faa27c6b98903d6052363d56b972fc1d5cb78633c2cd74c3e87a

                            SHA512

                            5ea64c5f9751cbca2ceb0447334d4965f0cc7bcbfd3c9b11d775d1cf80fcf06a74b6679566d0549a2547bd0f78449f21bb4d5d6c96e331410fe796c9dfd112ac

                            Download Submit

                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
                            Filesize

                            5.4MB

                            MD5

                            ac09e8deb385be1a12feba04001ec83b

                            SHA1

                            4b9056ac078d1daef697f08ebd98f8dcf04b1bd2

                            SHA256

                            ecb615006036b8b4a5e7187fe72f42428d78c43226690caafe597d054afe4441

                            SHA512

                            544a703fb1e14e6bb3bb0739cce2b203cc24eed67b854c55aef7d798162c0067b32ebf3e26c13e9cf40ad6abeb80ae0b70635d3b4fea2e28368326f80cb5300a

                            Download Submit

                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
                            Filesize

                            5.4MB

                            MD5

                            d9866bb2902ed05d0b57737c97414a21

                            SHA1

                            dfef5652da42e9f0445fdec16aa726045a724b3c

                            SHA256

                            2e83ba51aa90397c487acb22a8ed7dd0bdabbe4f85db700a229826f54906f235

                            SHA512

                            55f3fb9d6317abbafc565963cc1855ca1ae6a93f0d968a6bebfd4c22f23ee8cd1164cbdd740a2a480df2375def47317f34aec1a45ea72c5727e92ea64464d21a

                            Download Submit

                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
                            Filesize

                            2.0MB

                            MD5

                            16a1fd4d116c7a02f79c39c36d97584b

                            SHA1

                            f5dbdeb394fc5c89039aed4bbdde544e90adfd28

                            SHA256

                            48af3e2d90d01bac599ee94a3f28c83229f087d933536a7892a99b75f9ec221d

                            SHA512

                            c462d915602889d3b2cd0d175424c800d5800320a68ec55cd35a5ddf4101bac4eebee08ebe95b774345c11587db32c889a948ac5c968e12905e55e8ea15d16f6

                            Download Submit

                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                            Filesize

                            2.2MB

                            MD5

                            2cccb4d0161225de46416c72a48948fb

                            SHA1

                            ade05497313a4aba79a1f03c3ff1208ed72e405d

                            SHA256

                            e6233bad594841e62d7e9c23ef68eb48f87ddfc096ed14abd8101a68f71af1c3

                            SHA512

                            773c416895d9d273edd94e7b547214b7a7eaf7133c163d8301acd46a64695e5974125edd2e716eb8fe23511c1df300cdd185284f16ae63e3561e93ce81b847f8

                            Download Submit

                          • C:\Program Files\Google\Chrome\Application\SetupMetrics\525b7d31-e536-44f3-8fae-ae28295e0883.tmp
                            Filesize

                            488B

                            MD5

                            6d971ce11af4a6a93a4311841da1a178

                            SHA1

                            cbfdbc9b184f340cbad764abc4d8a31b9c250176

                            SHA256

                            338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                            SHA512

                            c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                            Download Submit

                          • C:\Program Files\Windows Media Player\wmpnetwk.exe
                            Filesize

                            1.5MB

                            MD5

                            d5eeb50a6d4b571d13c234236df24c93

                            SHA1

                            72e3624a195642f408261240a8e9b33b719aa4ff

                            SHA256

                            1bb645d8e26158e26cbe09469a46c4924b1a0ae0bc8953642012ebf2bd2d1aba

                            SHA512

                            73919a8984d606f7b3064541486c0bd2b1adcb85eae650e696320a84fb10cff13b2a9cde9a8df5de756584987acf259714da5e6eda30eb8f777ff31bd9f1e93c

                            Download Submit

                          • C:\Program Files\dotnet\dotnet.exe
                            Filesize

                            1.3MB

                            MD5

                            68a62419cf1109e9911f4c8e020a2b22

                            SHA1

                            e60edba344da2e72bd5fb0480c31db1ba56cfbe7

                            SHA256

                            17964c0691e61abd2e4d067445aa250a8ab3b29688afd21ffb205bd0f53fb436

                            SHA512

                            a0ea2d6fcd848c5429b6b1bb56b09ceaef197dcb8150de2c09377fa5739a87bdf1b92c66d2e5d6f72defffbc69c3c427e981d7b1ec60ad39f77005505648b1b1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                            Filesize

                            40B

                            MD5

                            1030d0994c68044a5086bbd3f66d4b78

                            SHA1

                            aa71a5d7d0a72a86db91a185af0e7e148982d610

                            SHA256

                            9babedc60618dac0c649e687630a0a48f603932817a2282d8bd2dae6cd06bf98

                            SHA512

                            ed7a5fc22db88ce1c1be3c9d0c54e2da24c42f7b86ffdcb0174cadd0ade82d4084b91258420fc571bc0203e0595494cb9f61c339348103b9b92065d5ecc85772

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
                            Filesize

                            193KB

                            MD5

                            ef36a84ad2bc23f79d171c604b56de29

                            SHA1

                            38d6569cd30d096140e752db5d98d53cf304a8fc

                            SHA256

                            e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                            SHA512

                            dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                            Filesize

                            1KB

                            MD5

                            98215dcd768e215499f13291c75d966b

                            SHA1

                            5d589850d92ffe019b4cfe0d031cd8094de256e7

                            SHA256

                            345f04a93882e1a48193dc239c7926c03ec697ec1a98fabbf377ce3f2c44bfbb

                            SHA512

                            80045c64c4923428b1c4ab58a6cd5d76edbdd5d877c6e034131412ec993ca50e86b0e9ed7cf56437ae2d1b693d547b9902ccb856b78f295a06aa549e05d36b31

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                            Filesize

                            2B

                            MD5

                            d751713988987e9331980363e24189ce

                            SHA1

                            97d170e1550eee4afc0af065b78cda302a97674c

                            SHA256

                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                            SHA512

                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                            Filesize

                            356B

                            MD5

                            12407b7f8c2f4f46b9233a12b712a0bb

                            SHA1

                            767ac2c11b136fb018f1088febad6e8764954ad9

                            SHA256

                            24609bbb6de27a0741b91785a0fb4fa8688226d2298580de5e13d738086a1017

                            SHA512

                            05fa8679ad60824d730ea45d8784e98ebc9dd1516f7b4d18fe8b1af92d14d9b90438df8717b2c706ea008d220a3da7531655eedaac29643cbf7774aa514020ab

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            ad67f4c17d63187c2cf94bd6088db6a6

                            SHA1

                            138398188ecd40886f786160ce927a878c270a54

                            SHA256

                            52d0486a0258e03ecbd1fc53ee545d14e7703a21e95b1ce27d62115a3db1572e

                            SHA512

                            614b04bbf286b60d65d56433524936fea8d43dd50e33f7322e27d1d548f28c5f32075ca7124e560cd2a14df27c9d11db1b988b29042c5405ee8be7b5d48e6106

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe57e80e.TMP
                            Filesize

                            2KB

                            MD5

                            e824ddb15c9337566baedabb5b11526c

                            SHA1

                            06353e2dbe2effb2d394360ea45ec1a1fb724568

                            SHA256

                            67e8c51f8766a540099fb8ad7c6927b18328d115b71868b3df00088043d905ed

                            SHA512

                            099d13b858b56d99c7d6b190d9eb2e3df77bb43f41a729546b4d1489e29e5b9b8c24cfb82320c8b49e2a8ea4fd83a1b420a5abf0f6ebff69176c7786684589a5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                            Filesize

                            16KB

                            MD5

                            471f82f98db797f68f04ea525f90cfd2

                            SHA1

                            80aefdbae7c3e9a95e3daaab64b468b1792ea281

                            SHA256

                            ddfd26224fb13cc9674b0c8ab7fc712bac641f455792fa15f2fde5b9724b3ae2

                            SHA512

                            255965e871341b296171e5b044809b0d600c01eef2ef83443e50c9ce89a87264a3aec9a2901de7512b9a895ab6d98ab522d227114ca8ae973a8b4e67d5302c6f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                            Filesize

                            285KB

                            MD5

                            99a46d54f5a6a8f03314ee134888e93e

                            SHA1

                            c68d1a50b5c25d21ccada98d431b4c60599e99e4

                            SHA256

                            f30626fd3f0ab22560e8e38728986cc71383be137386069174c634fa1f1d76dc

                            SHA512

                            2468cd664e20a8d1fa293e0d19357ab55c26ec605d7248a26f28dfdfb348d7981f8060a87abe91484df831bb31aa8760cd13195005e7eaff8a7ea2f9fc20c648

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
                            Filesize

                            7KB

                            MD5

                            302c481c2e91d4210766feacce49c27b

                            SHA1

                            1078c655e793bff210e7047e5b30d570a533c1fe

                            SHA256

                            c5756bc5e9220af8843add49c763502874500b2e2267e13c93eb4933a7170bf9

                            SHA512

                            140084b1d226a191cbf371cb8b2dd05f4b89c146932f452f5f07e535d3212b94f5b8f42f4278365961aff79962c0a8f8f098e24cecaf0188d35fd08dda11aede

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
                            Filesize

                            8KB

                            MD5

                            cb8c998faca0779026c74cea0af9550a

                            SHA1

                            ed78c21306faf0ceda97a4e3e4b2f6809c6cd0f0

                            SHA256

                            5546168edce0781210074b5e0aaff03eef382c54922f7d979fb435c02aa1557d

                            SHA512

                            fc29babca34ac7ee2cac7552b2cb2ad5a9250cb124dfca11359d9ce1b157d7884fd49ceab7d833f249a3effd0064a430dfb8172e6ebf93c00a49341b80ea3076

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\b6a22e7b99ad3704.bin
                            Filesize

                            12KB

                            MD5

                            526c2c426dda8cf0fc5b6f79a4c620b4

                            SHA1

                            282c3f0b81aee39cbcfe7dfdf7a00d94cb9df6fe

                            SHA256

                            495616d6460ab5606e6096e5cc4929852374a37b9b4504ff4994a5c9c50ecfdd

                            SHA512

                            552e210a7f565346753d621969d42299a8dbaff052bb6e9d8916e657d1d16eb54750d5e179a99fab7cda0e1e1c4bdea48842074dee332e7c41a6fcb977b1d25d

                            Download Submit

                          • C:\Windows\SysWOW64\perfhost.exe
                            Filesize

                            1.2MB

                            MD5

                            575dc63a408785993ed557337e62f319

                            SHA1

                            bf855af32cbe05e8d20baaae5fdd7b1dc09cb2da

                            SHA256

                            88324e6301aa8e7c5b78a7acbbe669bbc7c72d518339faedd137bc735f895fb9

                            SHA512

                            be205cea61b86e191bb6204dd1753f5234a5f7259c96ff8d92ef55fe9b1a4ec5cce68e7a9ee1f61af63ca1ba63e877570af9194faaaef7a68b39b90a4fdb1c39

                            Download Submit

                          • C:\Windows\System32\AgentService.exe
                            Filesize

                            1.7MB

                            MD5

                            fa435cccaa8fad9314f003ed80183a1f

                            SHA1

                            97de2cd9b2e364043f1b491d4bdbf10230c4e9f1

                            SHA256

                            0126bde5f5dc5020872d65200c3726279c622d2826908fbb9e13d92394a3beff

                            SHA512

                            4024b24b35ce877c7887ac3cea47c8223e4e9ec6d0b9e7f72f8780d7b75e3f1b90839cfeb65894d3474a855bf09a5668fc39d589a46ee6a06831c31807cfeae0

                            Download Submit

                          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                            Filesize

                            1.2MB

                            MD5

                            807321d477bc1c571a17c3998efb28ad

                            SHA1

                            09c01f4d62f5086f00f3600d09216e0fcac38fe7

                            SHA256

                            630b0cdb612247db1770ed3a94e85ffd7cb9da475189b8514831e12c0d871426

                            SHA512

                            cff13497b62e22b91cff666b0fb8fe84eb7ec764c93d61fe11a986ade67e4cc0ee02079df2d76e5466658d4713dc163a221a2a6c0a9c0dabe6d2285dacd38a67

                            Download Submit

                          • C:\Windows\System32\FXSSVC.exe
                            Filesize

                            1.2MB

                            MD5

                            25d0725484a024f9efceb27efbd1fe0d

                            SHA1

                            fc7dabc1d6722665710264e9013c395b73c23367

                            SHA256

                            2bd625a9735cd7a3c96af42fba4929314d4ea9c42d74fbd5c41fa2fb302633af

                            SHA512

                            c0083ed156123cc5b8afd167c2d34fc11d75b7dc9a194df5f7469d06d8b5a9553fc4b5564c114c9c0ce6f9461b9dbaacd25b91fcbbe53e481599f71b471642ca

                            Download Submit

                          • C:\Windows\System32\Locator.exe
                            Filesize

                            1.2MB

                            MD5

                            719fd04e2c9f12de80ea819a4f156e24

                            SHA1

                            753825c569a548f097758fe8e80fcc54763a742a

                            SHA256

                            93ceb8682268d9bae30f5ced9548941bda9f333f7d4069ff54ac515e53cca2f5

                            SHA512

                            d571b4799149aa38f4a81233c3437092427025b8f650b6eeafc89afc399f301fc126c96e7b168577671658295bfc26ba3a25fb343260731ba19db37f4bdab6d6

                            Download Submit

                          • C:\Windows\System32\OpenSSH\ssh-agent.exe
                            Filesize

                            1.5MB

                            MD5

                            820fa93d6245524b8b21e711c6dcfa80

                            SHA1

                            2f5975d67a8836be849f0e42a65bb2b80a308222

                            SHA256

                            d3565c911461b89bba8b323198f3d1df694ba205f139a2bb278a51ff82acecd2

                            SHA512

                            c2f7462652870c9bbdf0e5ddffd0243b36c3d58d11a3162d96074cb430161d52c682d909a5319cfb5dd1aea8631d92dc1cbbb2e537609a44cf697c0e0ded71f9

                            Download Submit

                          • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                            Filesize

                            1.2MB

                            MD5

                            e08a79d2a80aaa499f2bf07d386beeea

                            SHA1

                            26aaec4bc657fce329c49bbf60c506af9ecd7260

                            SHA256

                            f5769492218ebe4f2c54fbb4fa8d687208f70759b174f853dc126c4620d9d89d

                            SHA512

                            47b781b735b423486b48a84ee56e03daeb55cca4644c13c2581aeec42eaac4f3e8d912faf57d9fef8cc656511afafcdf500af21601da492471e1edd8ab5b56ff

                            Download Submit

                          • C:\Windows\System32\SearchIndexer.exe
                            Filesize

                            1.4MB

                            MD5

                            b50ad138ac0ee9fae027e103fabfcef9

                            SHA1

                            2731595278aec01032e85cd9832a27e685a427ee

                            SHA256

                            1d2945dc73ac921b86d5f63255e69337e1abc2b612566f79f156c738291d6466

                            SHA512

                            d3a6d6aa93688b28002aaff8424e0852e74115250ee57d556cfda6f4eedb7d2791250bcfe0077df1f5469da09c55d9ad44ed274ab3970b971ab063b98eb4476c

                            Download Submit

                          • C:\Windows\System32\SensorDataService.exe
                            Filesize

                            1.8MB

                            MD5

                            ebfe5d7f76014ba6f78600b6ce4d27c0

                            SHA1

                            935c32f060f15588cc59afa6aac7ef5954e3df60

                            SHA256

                            1d5bcc4af6a3795018449d41345b68352de874331675a280358bb278f0704216

                            SHA512

                            40951b870a336921b14b26eaa05b8a2e678d2f6cff2a852715a4b2485032b1a0561051a4f3265b073fb07ebf2d3bd5a6e1aa3d1c1dc8c4542d84947dc7791267

                            Download Submit

                          • C:\Windows\System32\Spectrum.exe
                            Filesize

                            1.4MB

                            MD5

                            ed4bceae3fe4e07bf3d2cee8e4dd71fb

                            SHA1

                            f538ec76c7ac17b6735f0dfab19d91c7468608ce

                            SHA256

                            f4adb20f78764a32705762fca1fa9601de6aa1185833a7a7c532c064a03c098b

                            SHA512

                            b91357f18a69c50fb6378f06fda9206ed2130efa9079fc9daace04921b8dfc5bda94fb0ef141ea2e836042ceed371d86d4b04a26fdecc88a295976ca4f4901ae

                            Download Submit

                          • C:\Windows\System32\TieringEngineService.exe
                            Filesize

                            1.5MB

                            MD5

                            36aeb2ea40f5f4a10a32f619fbf8451f

                            SHA1

                            3fe55325382c28556f40cae2756729bca152107c

                            SHA256

                            3330b38667959947d9c377d311813e3f3ab0edceb8c8e3a0625c3d74ffa1b7a0

                            SHA512

                            10d78a77683409e76e380151c6dec4769200ce049190bbaa634c48c9744dcf32d0c3b46b9800e9749efb0b8e166235ff03b37cd32a0ce9dba901f5523527d686

                            Download Submit

                          • C:\Windows\System32\VSSVC.exe
                            Filesize

                            2.0MB

                            MD5

                            c04eef1dfa12fd7618f6fee6574fae04

                            SHA1

                            f758a732e0885b409fd2a6ca4a5052cffa877f94

                            SHA256

                            4fa1e79fe765698535015cdd4aa1e920a0e38de26442434fa57d62732c810ea5

                            SHA512

                            a352f1bd856e5a6303090f374388fc33ef0146d80ebf1a58a349ea50d2ef06582e27f16208e4633f2fa58bab49c97cb27d007bea529d2999f273fb5a6dc9be31

                            Download Submit

                          • C:\Windows\System32\alg.exe
                            Filesize

                            1.2MB

                            MD5

                            2b9669edde0c465484c3574b8830602a

                            SHA1

                            289099b61cdd76a5bb48cb996adef7de181e6e47

                            SHA256

                            78beb79c68ce9a7decfbf3452cce52b26a19d77e20ebbcf6f1b1abb022208a94

                            SHA512

                            be6808f2d50108d8b051e58bfa9f2dd403545b39d764fe8caa294c2551831fdc63a2d78f82be552b231e2f6b021a2cec600393c3fa1cf473d298e9e41ff93b11

                            Download Submit

                          • C:\Windows\System32\msdtc.exe
                            Filesize

                            1.3MB

                            MD5

                            3cd250ffd0ed1d612440670f9012e1de

                            SHA1

                            473a386539130cd3e2e7db2695201acbfbcee738

                            SHA256

                            515fec6511adc55a0e8e36b322d8fbb017993da21f7c4f62831b11093d08e99a

                            SHA512

                            25460d90206d7c2061d307d2ba09ebd7b2048c61b16f627198f8f4382f4ea491f67089d5431adde44874c9b0046f7a5b558ad1d332307469c603f2055916aa6a

                            Download Submit

                          • C:\Windows\System32\snmptrap.exe
                            Filesize

                            1.2MB

                            MD5

                            c8eb9eadec08985206cac2b7fad2d8e6

                            SHA1

                            c09eab54d00449deea657fba4c392bb26fff087e

                            SHA256

                            08ad4bcbc9a1913b75a8dd7f56bc4fd67a97e6a0a1790035c7b44d5bb9f93f40

                            SHA512

                            73cad28655e67129c6db4659627ac9f65fe2aa1350d63fb793cc17619aa2703fea6df75dbc296b26b11f584dc3e3f40bccd5f4c28bcdb1200d009162fb3f8bb9

                            Download Submit

                          • C:\Windows\System32\vds.exe
                            Filesize

                            1.3MB

                            MD5

                            a1d7c623e5655038f470ee5f71e8d9ba

                            SHA1

                            31264cc12d47e75699b875482e7dc94230a447cc

                            SHA256

                            7553bd2ed185be0083c021cc69d761b5f10fc55252e3fb6add4cdb8045cf638c

                            SHA512

                            419b36850301aee56cf5282dc02ea83956a6408585d9dff3616c0b6b992843fd57a41694a10e9ed7d65e7bbe2bdf9e79e32ed8a6daf0c148f72b37d0b1b78ebd

                            Download Submit

                          • C:\Windows\System32\wbem\WmiApSrv.exe
                            Filesize

                            1.3MB

                            MD5

                            48b7ffb2b0c28da01efd890c3e9ba00d

                            SHA1

                            be9c8dc5253b3294db9a98c8e5e4514965d79a8c

                            SHA256

                            2fd2ea8924222fb6c641e17f40a2f09f341acf4cb7d04cf0c82811e35540a480

                            SHA512

                            900e437d8ca31cbd4c275e4cd9d7298c2e7c19312d22453be58d5a4c9690ce115100eb73c29f6243bf88dab25b52028d2cec52742a508c6533c68ef90f2f4390

                            Download Submit

                          • C:\Windows\System32\wbengine.exe
                            Filesize

                            2.1MB

                            MD5

                            018f15f0bcb79656520a9c4215d8cda4

                            SHA1

                            b2ab2cf1be9c714f309195b40be7567bb9bc0921

                            SHA256

                            58984cc7daf7b859878c3888e1025fbe246448053c4d9a6a2f35f8dc50f6ba42

                            SHA512

                            6b7ca3840a39854f19c04618bb5da3dde1b0da14e468c4522ed80bad58b05bcb4b59b0cf25f009b7fe1eef5fcf2b17dd0b242bcc03f8ffaf8e08e4f4f9bd8c28

                            Download Submit

                          • C:\Windows\TEMP\Crashpad\settings.dat
                            Filesize

                            40B

                            MD5

                            0481187f7a375d872ace4bfc191c5d65

                            SHA1

                            5e2da853f4ac21660f995b5e123d284cc9b7414b

                            SHA256

                            48c57a586f0052d5822f5d3e2e129eac52b1141f516cdab9ccd809c7c6476c10

                            SHA512

                            0b3729bc4de7683b0ced8108e1dea8b3a0df8f1977f09ae9ac18e965520b678250bf23e0feab8948241586e67249b9a093cff3bed322acf02f039111bafaeac7

                            Download Submit

                          • C:\Windows\system32\AppVClient.exe
                            Filesize

                            1.3MB

                            MD5

                            440671ea760906cedb8ed9afe09b945f

                            SHA1

                            a33215358de4f220a355e8da78ce62cdb6e8184b

                            SHA256

                            3a27c1d713d9c49a5afdb4c6c97f72f0dac9bd9f4b7a4491ff731cec58c8323c

                            SHA512

                            6b1f8f3e3ae4d3b4a268f6bfde31b3044571b9eefe03042f4b0a257fc494b888846756a14f058286e8c986756d536147479e551edadfff3c332cc65b1f91d47e

                            Download Submit

                          • C:\Windows\system32\SgrmBroker.exe
                            Filesize

                            1.4MB

                            MD5

                            44f8fea05ffa22d5cf227b1241c32de9

                            SHA1

                            c8df13dd9b067e8c1f397b2d3511066a1fb6b80c

                            SHA256

                            ecf9dcad127e61e0a4b177b691221f3379677a11fc549a14d5e8642f125ef39b

                            SHA512

                            8d22121e94393f1708381ed7f06202ef565b1736ef04abc73ff0b36759fd89d0b72dbbdf464f8469adc4ce57e088b5df88abdb5843ad71bb697fd3b5b676aea6

                            Download Submit

                          • C:\Windows\system32\msiexec.exe
                            Filesize

                            1.2MB

                            MD5

                            c8d65e8372f27aff42700098ac149cb5

                            SHA1

                            5d2ee04167e7d1c45458299dada0f7381af34a4d

                            SHA256

                            eee0e106f18afc0dc1997044643bd16d55a4815385a796aa414cda3d8135b896

                            SHA512

                            125aaa0947f73896a54e293ede1f36be94b1ff7a752a2a862bca312305e64de1eda86109205819fa2fdcde8d03161db0b4bd50f4a90324fcfb7f8164bf963c4f

                            Download Submit

                          • memory/536-357-0x0000000000400000-0x000000000052E000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/984-363-0x0000000140000000-0x000000014012D000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/1152-567-0x0000000140000000-0x00000001401D7000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/1152-359-0x0000000140000000-0x00000001401D7000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/1364-72-0x0000000000E80000-0x0000000000EE0000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/1364-74-0x0000000140000000-0x0000000140135000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/1364-59-0x0000000000E80000-0x0000000000EE0000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/1364-53-0x0000000000E80000-0x0000000000EE0000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/1888-741-0x0000000140000000-0x000000014015D000-memory.dmp

                            Filesize

                            1.4MB

                            Download

                          • memory/1888-376-0x0000000140000000-0x000000014015D000-memory.dmp

                            Filesize

                            1.4MB

                            Download

                          • memory/2464-36-0x0000000000700000-0x0000000000760000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/2464-35-0x0000000140000000-0x0000000140141000-memory.dmp

                            Filesize

                            1.3MB

                            Download

                          • memory/2464-739-0x0000000140000000-0x0000000140141000-memory.dmp

                            Filesize

                            1.3MB

                            Download

                          • memory/2464-37-0x0000000000700000-0x0000000000760000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/2464-29-0x0000000000700000-0x0000000000760000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/2480-370-0x0000000140000000-0x0000000140147000-memory.dmp

                            Filesize

                            1.3MB

                            Download

                          • memory/2520-656-0x0000000140000000-0x00000001404A3000-memory.dmp

                            Filesize

                            4.6MB

                            Download

                          • memory/2520-21-0x0000000140000000-0x00000001404A3000-memory.dmp

                            Filesize

                            4.6MB

                            Download

                          • memory/2520-12-0x0000000000510000-0x0000000000570000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/2520-18-0x0000000000510000-0x0000000000570000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/2772-349-0x0000000140000000-0x0000000140150000-memory.dmp

                            Filesize

                            1.3MB

                            Download

                          • memory/2860-366-0x0000000140000000-0x0000000140199000-memory.dmp

                            Filesize

                            1.6MB

                            Download

                          • memory/3044-375-0x0000000140000000-0x0000000140216000-memory.dmp

                            Filesize

                            2.1MB

                            Download

                          • memory/3356-364-0x0000000140000000-0x0000000140169000-memory.dmp

                            Filesize

                            1.4MB

                            Download

                          • memory/3792-356-0x0000000140000000-0x0000000140142000-memory.dmp

                            Filesize

                            1.3MB

                            Download

                          • memory/3864-63-0x0000000000710000-0x0000000000770000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/3864-348-0x0000000140000000-0x000000014024B000-memory.dmp

                            Filesize

                            2.3MB

                            Download

                          • memory/3864-69-0x0000000000710000-0x0000000000770000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/3864-475-0x0000000140000000-0x000000014024B000-memory.dmp

                            Filesize

                            2.3MB

                            Download

                          • memory/3876-0-0x0000000001FE0000-0x0000000002040000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/3876-26-0x0000000140000000-0x00000001404A3000-memory.dmp

                            Filesize

                            4.6MB

                            Download

                          • memory/3876-9-0x0000000001FE0000-0x0000000002040000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/3876-8-0x0000000140000000-0x00000001404A3000-memory.dmp

                            Filesize

                            4.6MB

                            Download

                          • memory/3992-368-0x0000000140000000-0x0000000140179000-memory.dmp

                            Filesize

                            1.5MB

                            Download

                          • memory/4120-355-0x0000000140000000-0x0000000140166000-memory.dmp

                            Filesize

                            1.4MB

                            Download

                          • memory/4148-86-0x0000000000C40000-0x0000000000CA0000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/4148-98-0x0000000140000000-0x0000000140166000-memory.dmp

                            Filesize

                            1.4MB

                            Download

                          • memory/4220-373-0x0000000140000000-0x00000001401FC000-memory.dmp

                            Filesize

                            2.0MB

                            Download

                          • memory/4384-76-0x00000000001A0000-0x0000000000200000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/4384-740-0x0000000140000000-0x000000014022B000-memory.dmp

                            Filesize

                            2.2MB

                            Download

                          • memory/4384-82-0x00000000001A0000-0x0000000000200000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/4384-347-0x0000000140000000-0x000000014022B000-memory.dmp

                            Filesize

                            2.2MB

                            Download

                          • memory/4512-216-0x0000000140000000-0x00000001401C0000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/4524-43-0x00000000006B0000-0x0000000000710000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/4524-49-0x00000000006B0000-0x0000000000710000-memory.dmp

                            Filesize

                            384KB

                            Download

                          • memory/4524-346-0x0000000140000000-0x0000000140140000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/4624-358-0x0000000140000000-0x000000014012C000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/4864-377-0x0000000140000000-0x0000000140179000-memory.dmp

                            Filesize

                            1.5MB

                            Download

                          • memory/4864-742-0x0000000140000000-0x0000000140179000-memory.dmp

                            Filesize

                            1.5MB

                            Download

                          • memory/5416-637-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5416-527-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5608-537-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5608-743-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5760-626-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5760-562-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5828-744-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          • memory/5828-563-0x0000000140000000-0x000000014057B000-memory.dmp

                            Filesize

                            5.5MB

                            Download

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.