Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/08/2024, 18:29 UTC

General

  • Target

    0e05714577948291d4d194ea8ddf6f8cc12dcdd31f01ba2195c0c4afb952cef6.exe

  • Size

    73KB

  • MD5

    4e6a72392f01ffb3bae293a6c4b955d1

  • SHA1

    ab6910a9f4482e8409e35be2953cd8b26385927c

  • SHA256

    0e05714577948291d4d194ea8ddf6f8cc12dcdd31f01ba2195c0c4afb952cef6

  • SHA512

    24c5894443c641876c4969ab1e56e7833f09f0984e296a9a5dcc6f26138d9d22daf90f9c6fcd3f7114f1754656d42d1560965047b3353c40ac21f3d016a79a5c

  • SSDEEP

    1536:IU9ccx4y3lCl6PMVy1aievkWIKH1bI/91LgsQzcX3VclN:IU+cx4yVy6PMVgazbH1bIVxgsQilY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

Mutex

xpjcrciguzejg

Attributes
  • delay

    1

  • install

    true

  • install_file

    WIN64.exe

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/WPTghhr7

aes.plain
1
xRCz34vOJoYMfsT59YPeQDRNxp3TxF6F

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

  • VenomRAT 2 IoCs

    Detects VenomRAT.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e05714577948291d4d194ea8ddf6f8cc12dcdd31f01ba2195c0c4afb952cef6.exe
    "C:\Users\Admin\AppData\Local\Temp\0e05714577948291d4d194ea8ddf6f8cc12dcdd31f01ba2195c0c4afb952cef6.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "WIN64" /tr '"C:\Users\Admin\AppData\Roaming\WIN64.exe"' & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3096
      • C:\Windows\system32\schtasks.exe
        schtasks /create /f /sc onlogon /rl highest /tn "WIN64" /tr '"C:\Users\Admin\AppData\Roaming\WIN64.exe"'
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1152
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp32C3.tmp.bat""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4616
      • C:\Windows\system32\timeout.exe
        timeout 3
        3⤵
        • Delays execution with timeout.exe
        PID:2984
      • C:\Users\Admin\AppData\Roaming\WIN64.exe
        "C:\Users\Admin\AppData\Roaming\WIN64.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3116
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4372,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:8
    1⤵
      PID:2992

Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      25.140.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      25.140.123.92.in-addr.arpa
      IN PTR
      Response
      25.140.123.92.in-addr.arpa
      IN PTR
      a92-123-140-25.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      64.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      64.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=17EADB65E6786A4108F4CFBAE75F6BE2; domain=.bing.com; expires=Fri, 12-Sep-2025 18:29:13 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 79043E9F81D04B59B05E776BEBBB9709 Ref B: LON04EDGE0620 Ref C: 2024-08-18T18:29:13Z
      date: Sun, 18 Aug 2024 18:29:12 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=17EADB65E6786A4108F4CFBAE75F6BE2
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=6kQ3F8xcPNiaGmDwngYzcYrElw6StJT5yPJ7XqH8uyU; domain=.bing.com; expires=Fri, 12-Sep-2025 18:29:13 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: FE6CEE154AE14B40ACDA48DFCA0D7441 Ref B: LON04EDGE0620 Ref C: 2024-08-18T18:29:13Z
      date: Sun, 18 Aug 2024 18:29:12 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=17EADB65E6786A4108F4CFBAE75F6BE2; MSPTC=6kQ3F8xcPNiaGmDwngYzcYrElw6StJT5yPJ7XqH8uyU
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0AFAA73ADFAF4CC29F3A23C94A4730D1 Ref B: LON04EDGE0620 Ref C: 2024-08-18T18:29:13Z
      date: Sun, 18 Aug 2024 18:29:12 GMT
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      pastebin.com
      WIN64.exe
      Remote address:
      8.8.8.8:53
      Request
      pastebin.com
      IN A
      Response
      pastebin.com
      IN A
      104.20.3.235
      pastebin.com
      IN A
      172.67.19.24
      pastebin.com
      IN A
      104.20.4.235
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:29:17 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: MISS
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53f7ed8b7452cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:29:20 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 3
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53f80188b152cc-LHR
      Date: Sun, 18 Aug 2024 18:31:02 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 105
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fa7e7b5852cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:05 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 108
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fa938d7952cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:08 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 111
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53faa6cd3552cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:11 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 114
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fab9eb9152cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:14 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 117
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53facd289652cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:17 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 120
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fae08e3f52cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:20 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 123
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53faf3de0752cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:24 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 127
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fb071bcd52cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:27 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 130
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fb1a3f9a52cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:30 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 133
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fb2d7dee52cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:33 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 136
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fb447bbc52cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:36 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 139
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fb57a95552cc-LHR
    • flag-us
      GET
      https://pastebin.com/raw/WPTghhr7
      WIN64.exe
      Remote address:
      104.20.3.235:443
      Request
      GET /raw/WPTghhr7 HTTP/1.1
      Host: pastebin.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 18 Aug 2024 18:31:39 GMT
      Content-Type: text/plain; charset=utf-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      x-frame-options: DENY
      x-content-type-options: nosniff
      x-xss-protection: 1;mode=block
      cache-control: public, max-age=1801
      CF-Cache-Status: HIT
      Age: 142
      Last-Modified: Sun, 18 Aug 2024 18:29:17 GMT
      Server: cloudflare
      CF-RAY: 8b53fb6ae89552cc-LHR
    • flag-us
      DNS
      235.3.20.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      235.3.20.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      13.86.106.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.86.106.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      48.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 512342
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 88D8D68EA4AE403E9361CD97CC17959E Ref B: LON04EDGE1209 Ref C: 2024-08-18T18:30:51Z
      date: Sun, 18 Aug 2024 18:30:51 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 540045
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B1F97CFD97744B1095D0E4B40E0AB4D9 Ref B: LON04EDGE1209 Ref C: 2024-08-18T18:30:51Z
      date: Sun, 18 Aug 2024 18:30:51 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 681783
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F43AB24B121D42498F8DC18822F37BB9 Ref B: LON04EDGE1209 Ref C: 2024-08-18T18:30:51Z
      date: Sun, 18 Aug 2024 18:30:51 GMT
    • flag-us
      GET
      https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      Remote address:
      150.171.27.10:443
      Request
      GET /th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
      host: tse1.mm.bing.net
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-length: 739143
      content-type: image/jpeg
      x-cache: TCP_HIT
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 2C60B5F09E8A485E802646548ADB93D0 Ref B: LON04EDGE1209 Ref C: 2024-08-18T18:30:53Z
      date: Sun, 18 Aug 2024 18:30:53 GMT
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      tls, http2
      2.0kB
      9.3kB
      21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=224b1bec452d40ba878fa3331e9fa55c&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204
    • 104.20.3.235:443
      https://pastebin.com/raw/WPTghhr7
      tls, http
      WIN64.exe
      8.9kB
      30.5kB
      108
      106

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200

      HTTP Request

      GET https://pastebin.com/raw/WPTghhr7

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.4kB
      7.8kB
      16
      13
    • 150.171.27.10:443
      https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
      tls, http2
      88.7kB
      2.6MB
      1890
      1884

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418560_12H05GS2AXF1O4KMU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239340418559_1LXGGCLQWFST3067K&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317301357_1M7VV0SOSJXWEGMMP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

      HTTP Response

      200

      HTTP Response

      200

      HTTP Response

      200

      HTTP Request

      GET https://tse1.mm.bing.net/th?id=OADD2.10239317300924_1N7S5A2UISE5XQ4TY&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

      HTTP Response

      200
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls, http2
      1.2kB
      6.9kB
      15
      13
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      146 B
      147 B
      2
      1

      DNS Request

      133.211.185.52.in-addr.arpa

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      25.140.123.92.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      25.140.123.92.in-addr.arpa

    • 8.8.8.8:53
      64.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      64.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      pastebin.com
      dns
      WIN64.exe
      58 B
      106 B
      1
      1

      DNS Request

      pastebin.com

      DNS Response

      104.20.3.235
      172.67.19.24
      104.20.4.235

    • 8.8.8.8:53
      235.3.20.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      235.3.20.104.in-addr.arpa

    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      13.86.106.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      13.86.106.20.in-addr.arpa

    • 8.8.8.8:53
      86.23.85.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.23.85.13.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      48.229.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      48.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      tse1.mm.bing.net
      dns
      186 B
      170 B
      3
      1

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp32C3.tmp.bat

      Filesize

      149B

      MD5

      52248ee12f6fed4b2e82c8220fc220d7

      SHA1

      cb9c765bbf74201aab86ffd80d34a4878360cd0c

      SHA256

      d5f441667ff31b00ce82b09475f058e3227c05a1d059a5dc0e388bf89745a2f9

      SHA512

      b499228379c69b297b193de4a7771f1cf04686f8ba781a6788cc370a9d4b10aafc08035a9a84ee0287484f1e15ed66535c4cf4feab81886b0bcf060f6c303401

    • C:\Users\Admin\AppData\Roaming\MyData\DataLogs.conf

      Filesize

      8B

      MD5

      cf759e4c5f14fe3eec41b87ed756cea8

      SHA1

      c27c796bb3c2fac929359563676f4ba1ffada1f5

      SHA256

      c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761

      SHA512

      c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b

    • C:\Users\Admin\AppData\Roaming\WIN64.exe

      Filesize

      73KB

      MD5

      4e6a72392f01ffb3bae293a6c4b955d1

      SHA1

      ab6910a9f4482e8409e35be2953cd8b26385927c

      SHA256

      0e05714577948291d4d194ea8ddf6f8cc12dcdd31f01ba2195c0c4afb952cef6

      SHA512

      24c5894443c641876c4969ab1e56e7833f09f0984e296a9a5dcc6f26138d9d22daf90f9c6fcd3f7114f1754656d42d1560965047b3353c40ac21f3d016a79a5c

    • memory/2008-0-0x00007FF888EE3000-0x00007FF888EE5000-memory.dmp

      Filesize

      8KB

    • memory/2008-1-0x00000000009A0000-0x00000000009B6000-memory.dmp

      Filesize

      88KB

    • memory/2008-3-0x00007FF888EE0000-0x00007FF8899A1000-memory.dmp

      Filesize

      10.8MB

    • memory/2008-8-0x00007FF888EE0000-0x00007FF8899A1000-memory.dmp

      Filesize

      10.8MB

    • memory/2008-9-0x00007FF888EE0000-0x00007FF8899A1000-memory.dmp

      Filesize

      10.8MB
