metamorpherrat | cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f

Analysis

max time kernel
131s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/12/2024, 02:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe
Size

78KB
MD5

ff8f48e89cdd1f1bb1373e4030cf36dc
SHA1

d1e97a665c5ea8c2d6ade1a6438217993795b1d5
SHA256

cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f
SHA512

15bfe443c92bbd35e940c04704cdede2e53fe07e11f2e778ca61943324cbceb635eb2155d254181c9d6644db0601f6d528661a205a6ee238aa1935ab9e5a625d
SSDEEP

1536:YoRWtHHuaJtZAlGmWw644txVILJtcfJuovFdPKmNqOqD70Gou2P2oYe9QtMu9/SG:fRWtH/3ZAtWDDILJLovbicqOq3o+nMup

Score

10^/10

metamorpherrat discovery persistence rat stealer trojan

Malware Config

Signatures

MetamorpherRAT
Metamorpherrat is a hacking tool that has been around for a while since 2013.
trojan rat stealer metamorpherrat
Metamorpherrat family
metamorpherrat

Executes dropped EXE 1 IoCs

pid	Process
2696	tmpA6E9.tmp.exe

Loads dropped DLL 2 IoCs

pid	Process
1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe
1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe

Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\caspol.exe = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallMembership.exe\""	tmpA6E9.tmp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tmpA6E9.tmp.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe
Token: SeDebugPrivilege	2696	tmpA6E9.tmp.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1880	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	30
PID 1732 wrote to memory of 1880	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	30
PID 1732 wrote to memory of 1880	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	30
PID 1732 wrote to memory of 1880	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	30
PID 1880 wrote to memory of 2332	1880	vbc.exe	32
PID 1880 wrote to memory of 2332	1880	vbc.exe	32
PID 1880 wrote to memory of 2332	1880	vbc.exe	32
PID 1880 wrote to memory of 2332	1880	vbc.exe	32
PID 1732 wrote to memory of 2696	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	33
PID 1732 wrote to memory of 2696	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	33
PID 1732 wrote to memory of 2696	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	33
PID 1732 wrote to memory of 2696	1732	cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe	33

C:\Users\Admin\AppData\Local\Temp\cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe
"C:\Users\Admin\AppData\Local\Temp\cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rlzmz1ii.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1880
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA7D4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA7D3.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2332
- C:\Users\Admin\AppData\Local\Temp\tmpA6E9.tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmpA6E9.tmp.exe" C:\Users\Admin\AppData\Local\Temp\cb9a89b457c4f0c79fdeca213ab313a3d5e360d9021773c7e23290e3d70a9c8f.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2696

Network

DNS

bejnz.com

tmpA6E9.tmp.exe

Remote address:

8.8.8.8:53

Request

bejnz.com

IN A

Response

bejnz.com

IN A

44.221.84.105
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=245f5df635601f5a77b7180a78f40e85|181.215.176.83|1733280286|1733280286|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

t5tmike.no-ip.info

tmpA6E9.tmp.exe

Remote address:

8.8.8.8:53

Request

t5tmike.no-ip.info

IN A

Response
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=277c13a2fcccaad2bbf1dffbe5a8ed32|181.215.176.83|1733280287|1733280287|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e9fc602b7044f30738fc2df082c7a136|181.215.176.83|1733280289|1733280289|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1a868c8d5a45bdabce190e4f1a83ab9b|181.215.176.83|1733280290|1733280290|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=aca71fa293782e92a8414696add53164|181.215.176.83|1733280291|1733280291|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9d66dc9b26d6152fb2788d4291ca0b00|181.215.176.83|1733280292|1733280292|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=31c5bb61b1853ece5839af77d565451b|181.215.176.83|1733280294|1733280294|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5c11e17c87aadedc288c7fdbf0ecbb60|181.215.176.83|1733280295|1733280295|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b32117ab46938922898d95a3c883586b|181.215.176.83|1733280296|1733280296|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fa344796996d405f56d4a415608b40af|181.215.176.83|1733280297|1733280297|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:44:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c8c6aad6ec2ca1213fa48c4bec4297f6|181.215.176.83|1733280299|1733280299|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=488bb635fa180c23f35c2081617b301a|181.215.176.83|1733280300|1733280300|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fc80f8e458310d9e8791bb5c0ce6557b|181.215.176.83|1733280301|1733280301|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d3969eb39c6046b1a4bdb91ba077871f|181.215.176.83|1733280303|1733280303|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=49720e8adbd4c9c33a8c610de04552a7|181.215.176.83|1733280304|1733280304|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9c93f775198f2cf958b00b3c22e48661|181.215.176.83|1733280305|1733280305|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b7fd2ccb3f5961cd50815c472527121d|181.215.176.83|1733280306|1733280306|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6228db2b5b1033e9cb5e8c2355e48399|181.215.176.83|1733280308|1733280308|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c4b9216790985c09c582c43e6e2c2059|181.215.176.83|1733280309|1733280309|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dd6f6d153db355687e5bca2163e412b7|181.215.176.83|1733280310|1733280310|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fe3d1226e57952d84e5b24ed6f866a74|181.215.176.83|1733280311|1733280311|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2b34b8a5e3d4247f68cefea7a35ed099|181.215.176.83|1733280313|1733280313|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5d31cf6530f3a3b8069273af977d7552|181.215.176.83|1733280314|1733280314|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=920781d55ecee27ff6a53873904a6f21|181.215.176.83|1733280315|1733280315|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4edfdbfb24e9f9964d0bbb3e1217fac3|181.215.176.83|1733280316|1733280316|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7c11991500d77a8bd78f9cc2889a9ecb|181.215.176.83|1733280318|1733280318|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c0d80095452e6723698168b210fd7dd0|181.215.176.83|1733280319|1733280319|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=40ec9cbcf3c6a85b11c7a70b73e226ab|181.215.176.83|1733280320|1733280320|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b5e66caf7a9619285d7d50edd1054f3f|181.215.176.83|1733280321|1733280321|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5a5b065b4c3d3a9a2634b3bee1f80909|181.215.176.83|1733280323|1733280323|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=29e789c46a2c878c8d1ae5e6c6194811|181.215.176.83|1733280324|1733280324|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e44731769473a53376d6a2552aa67ab8|181.215.176.83|1733280325|1733280325|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=84fcacf0bdd57e9d346c26aa4cf9e14b|181.215.176.83|1733280327|1733280327|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a83aaa44c87b5774c0ccd2ed8e3d9381|181.215.176.83|1733280328|1733280328|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6a6c2c320249cd3706e29f495077b4d1|181.215.176.83|1733280329|1733280329|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3a69b89f336df3ca6d9b7cddec2cc6c4|181.215.176.83|1733280330|1733280330|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bb7362b649ce6e75c03574f0cdea6e66|181.215.176.83|1733280332|1733280332|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9394db56a7bed2b0ec613f054e228679|181.215.176.83|1733280333|1733280333|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=23b9589166fa0461c7ffbc10a2e7a11f|181.215.176.83|1733280334|1733280334|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ca9af10c19c055b3d2721c3ac633718c|181.215.176.83|1733280335|1733280335|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=11d4025ddbbde6ae323833e71e7c784b|181.215.176.83|1733280337|1733280337|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f724a3f1769db9c4204fc7052bbd4969|181.215.176.83|1733280338|1733280338|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6b3f62c1de78b42740640837a066868a|181.215.176.83|1733280339|1733280339|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c6d55130aa4949898f25c0a888c87009|181.215.176.83|1733280340|1733280340|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=47c2be1c009bd0cd6365544f1547e116|181.215.176.83|1733280342|1733280342|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b07e324f806b546e9144c0ef111331a9|181.215.176.83|1733280352|1733280352|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1ccb2114e4ac45e3db8ecc92a4f4d4f1|181.215.176.83|1733280354|1733280354|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6c9af3342d24c2b84e0e3769d3f9806b|181.215.176.83|1733280355|1733280355|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=747e313eff1dba513621a26673fda12d|181.215.176.83|1733280356|1733280356|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bdcb0bcce1355a0bb8b3aad8c24ac03b|181.215.176.83|1733280357|1733280357|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:45:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f0bbe7f9c9ac7de9d3bcdbf3dbbc93af|181.215.176.83|1733280359|1733280359|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0931c63f1268309dc584bf6e2dc8e893|181.215.176.83|1733280360|1733280360|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=780ac2501901a44801d6b81efc43097f|181.215.176.83|1733280370|1733280370|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=99067694c1fa5fff5942f7880c3f5d11|181.215.176.83|1733280374|1733280374|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a8289ac4784b590570b4662f4d231a2c|181.215.176.83|1733280375|1733280375|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=00c2305a27411b78b7658511fa34586e|181.215.176.83|1733280378|1733280378|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=97f1b0ed5384d121425aa15f7c971ba8|181.215.176.83|1733280383|1733280383|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=464f5c8951bfce098be372c497c67655|181.215.176.83|1733280385|1733280385|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0c6b25a809ad3eb24a2ddb3758069920|181.215.176.83|1733280386|1733280386|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9a6236ba6619fc1f8314f32d7f06f2ff|181.215.176.83|1733280387|1733280387|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=98147b4c561a8c77ca7ff19dc91a04d4|181.215.176.83|1733280389|1733280389|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=38790abfff0380922373abb55705b44f|181.215.176.83|1733280390|1733280390|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ea2825adfac4068889357fe1afb94566|181.215.176.83|1733280391|1733280391|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1c9c75d228788938207be7f8bc651913|181.215.176.83|1733280396|1733280396|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=08dd863926d7007f128ac6cd527e4509|181.215.176.83|1733280397|1733280397|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
GET

http://bejnz.com/IP.php

tmpA6E9.tmp.exe

Remote address:

44.221.84.105:80

Request

GET /IP.php HTTP/1.1
Host: bejnz.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 04 Dec 2024 02:46:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fee1f2e30bc6c79936b4bf2bd5f2b5bf|181.215.176.83|1733280409|1733280409|0|1|0; path=/; domain=.bejnz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT

44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

295 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

444 B
665 B
8
6

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

371 B
621 B
7
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

409 B
617 B
8
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

417 B
621 B
8
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

560 B
617 B
9
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

531 B
637 B
9
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

363 B
665 B
7
6

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
617 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

317 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
625 B
5
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

352 B
617 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

323 B
625 B
6
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

271 B
577 B
5
4

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

http://bejnz.com/IP.php

http

tmpA6E9.tmp.exe

433 B
617 B
7
5

HTTP Request

GET http://bejnz.com/IP.php

HTTP Response

200
44.221.84.105:80

bejnz.com

tmpA6E9.tmp.exe

152 B
3

8.8.8.8:53

bejnz.com

dns

tmpA6E9.tmp.exe

55 B
71 B
1
1

DNS Request

bejnz.com

DNS Response

44.221.84.105
8.8.8.8:53

t5tmike.no-ip.info

dns

tmpA6E9.tmp.exe

64 B
124 B
1
1

DNS Request

t5tmike.no-ip.info

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RESA7D4.tmp

Filesize
1KB

MD5
eae45deb2e4a1418b663cdce6f252e1e

SHA1
ebff4655fc1398f9c3570484ddcd9b48cfa2f853

SHA256
26b15615624c7f1ccd82d63637db783d2b14ba335b6fc19bd840893c396ac841

SHA512
37e95d0e77d69b74b4d80ebb8db8251847edff71b19e6c5b108783bfcbee762b05877e5aa72301d98bf840e1a3091e87b145f19acf0a9e4a6a1d74084b125304

Download Submit
C:\Users\Admin\AppData\Local\Temp\rlzmz1ii.0.vb

Filesize
15KB

MD5
47fcd62d00e3382db65d13d189c2d876

SHA1
6792e42d8c145e70c55b1c4f3897fb7b7fe0f27c

SHA256
737a276a97bb33f7f07f9561c7a7d1120daa06731428f0592889c26406f81176

SHA512
2bcf5fa80eb7e00ead31203039d5b7a0be8a63b845a7cde800093e1732353e6cf1828bed85a705036673ec8d097b003fc0d25fe9245dd2bbc128485aa9d20f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\rlzmz1ii.cmdline

Filesize
266B

MD5
87e4df516c83c69f6d9a7f86c73cf6fb

SHA1
d23ac194b6c4084946eafdb8bb3d66a18cf99d5e

SHA256
f4de14ed032ae0e8f535efa1ff79410fce13a24787aaddfa27dacaae67a1cc1d

SHA512
171524f38497de67e3bee1f8e4fd8254c4eeadc8ab3628ce9b92e79fd8601c1e7f3f8c27476e4cf4ddd93460e5b3c286595cccb80bd3032a97a4a44223e4c369

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA6E9.tmp.exe

Filesize
78KB

MD5
d9c726d0974ab75e59b3d9100d307789

SHA1
286ed31cd81db35376d3f771a4a85cdfaa75dc3a

SHA256
a2e1e8b46941165da9c7a40586d7b4ddceda6066cacbb49c6808ed4a7bc30c3a

SHA512
c4f2ea5ce8ea72fc00b9843ac229fe30e02a1c745548fc25190052be34f2e026eb40743613df8ad1b167eb6e4b89190841dde1f23842e96293659a9be7c977ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcA7D3.tmp

Filesize
660B

MD5
28525c6f82ce04043dbfbade93426555

SHA1
129d824bdec58a0e01780b0d3866d93c237ac267

SHA256
3eecf32df6fdfcd993471a6d9158c012538133c25ffe51c36bb57d03d5249a57

SHA512
8018c52e647552f468e57478157a4a4ecbdfff51bb18b690ae80d5fc24be3a48ee7cff7013666ba45e62bddfba91549ba2843c4ca66105a49047cbd9c0458c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\zCom.resources

Filesize
62KB

MD5
a26b0f78faa3881bb6307a944b096e91

SHA1
42b01830723bf07d14f3086fa83c4f74f5649368

SHA256
b43ecda931e7af03f0768c905ed9fa82c03e41e566b1dff9960afc6b91ae5ab5

SHA512
a0e9c2814fca6bcf87e779592c005d7a8eef058a61f5a5443f7cf8d97e2316d0cde91ed51270bbcc23ccf68c7fc4a321a5a95a4eed75cb8d8a45cb3aa725fb9c

Download Submit
memory/1732-0-0x00000000742D1000-0x00000000742D2000-memory.dmp

Filesize
4KB

Download
memory/1732-1-0x00000000742D0000-0x000000007487B000-memory.dmp

Filesize
5.7MB

Download
memory/1732-4-0x00000000742D0000-0x000000007487B000-memory.dmp

Filesize
5.7MB

Download
memory/1732-24-0x00000000742D0000-0x000000007487B000-memory.dmp

Filesize
5.7MB

Download
memory/1880-9-0x00000000742D0000-0x000000007487B000-memory.dmp

Filesize
5.7MB

Download
memory/1880-18-0x00000000742D0000-0x000000007487B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request