Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    110s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/12/2024, 19:16 UTC

General

  • Target

    fd8b5802f4ae9db0248467e727d2a98b58f95ea2d8c060c140769446dbc0351c.exe

  • Size

    204KB

  • MD5

    4c60d92c2c5b2293b1b4b746dabd6866

  • SHA1

    0c45715bb04dae2ddc5ba3334f797cc6d8c5d761

  • SHA256

    fd8b5802f4ae9db0248467e727d2a98b58f95ea2d8c060c140769446dbc0351c

  • SHA512

    ec6c9308e786264d959f3684444028b1fc956886369af3eccadfed356d1430aef3e1f2ec647b6df725a09be16a26dc3d0c86b651c48a52350fdf3b63a8d9589b

  • SSDEEP

    3072:U5u7yT4TVbkuRaX1w71jnRkCoyJTarYWbV+HOFxg+z1WxJsqWkoyjOowUVl/TlA4:ULexkuRaX41xoyJV65gzyZko+uch

Malware Config

Extracted

Family

simda

Attributes
  • dga

    gatyfus.com

    lyvyxor.com

    vojyqem.com

    qetyfuv.com

    puvyxil.com

    gahyqah.com

    lyryfyd.com

    vocyzit.com

    qegyqaq.com

    purydyv.com

    gacyzuz.com

    lygymoj.com

    vowydef.com

    qexylup.com

    pufymoq.com

    gaqydeb.com

    lyxylux.com

    vofymik.com

    qeqysag.com

    puzylyp.com

    gadyniw.com

    lymysan.com

    volykyc.com

    qedynul.com

    pumypog.com

    galykes.com

    lysynur.com

    vonypom.com

    qekykev.com

    pupybul.com

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Simda family
  • simda

    Simda is an infostealer written in C++.

  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd8b5802f4ae9db0248467e727d2a98b58f95ea2d8c060c140769446dbc0351c.exe
    "C:\Users\Admin\AppData\Local\Temp\fd8b5802f4ae9db0248467e727d2a98b58f95ea2d8c060c140769446dbc0351c.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4996

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    lyryfyd.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyryfyd.com
    IN A
    Response
  • flag-us
    DNS
    qetyfuv.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qetyfuv.com
    IN A
    Response
    qetyfuv.com
    IN A
    44.221.84.105
  • flag-us
    DNS
    vojyqem.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vojyqem.com
    IN A
    Response
    vojyqem.com
    IN CNAME
    77980.bodis.com
    77980.bodis.com
    IN A
    199.59.243.227
  • flag-us
    DNS
    lyvyxor.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyvyxor.com
    IN A
    Response
    lyvyxor.com
    IN A
    208.100.26.245
  • flag-us
    DNS
    puvyxil.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puvyxil.com
    IN A
    Response
  • flag-us
    DNS
    vocyzit.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vocyzit.com
    IN A
    Response
    vocyzit.com
    IN A
    44.221.84.105
  • flag-us
    DNS
    gahyqah.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gahyqah.com
    IN A
    Response
    gahyqah.com
    IN A
    162.255.119.102
    gahyqah.com
    IN A
    23.253.46.64
  • flag-us
    DNS
    qegyqaq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qegyqaq.com
    IN A
    Response
  • flag-us
    DNS
    purydyv.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    purydyv.com
    IN A
    Response
  • flag-us
    DNS
    gacyzuz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gacyzuz.com
    IN A
    Response
  • flag-us
    DNS
    lygymoj.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lygymoj.com
    IN A
    Response
  • flag-us
    DNS
    vowydef.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vowydef.com
    IN A
    Response
  • flag-us
    DNS
    qexylup.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qexylup.com
    IN A
    Response
  • flag-us
    DNS
    pufymoq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pufymoq.com
    IN A
    Response
  • flag-us
    DNS
    gaqydeb.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gaqydeb.com
    IN A
    Response
  • flag-us
    DNS
    lyxylux.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyxylux.com
    IN A
    Response
  • flag-us
    DNS
    vofymik.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vofymik.com
    IN A
    Response
  • flag-us
    DNS
    qeqysag.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qeqysag.com
    IN A
    Response
  • flag-us
    DNS
    puzylyp.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puzylyp.com
    IN A
    Response
    puzylyp.com
    IN A
    75.2.71.199
    puzylyp.com
    IN A
    99.83.170.3
  • flag-us
    DNS
    gadyniw.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gadyniw.com
    IN A
    Response
    gadyniw.com
    IN A
    154.212.231.82
  • flag-us
    DNS
    lymysan.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lymysan.com
    IN A
    Response
  • flag-us
    DNS
    volykyc.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    volykyc.com
    IN A
    Response
  • flag-us
    DNS
    qedynul.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qedynul.com
    IN A
    Response
  • flag-us
    DNS
    pumypog.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pumypog.com
    IN A
    Response
  • flag-us
    DNS
    gatyfus.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gatyfus.com
    IN A
    Response
    gatyfus.com
    IN A
    5.79.71.225
    gatyfus.com
    IN A
    5.79.71.205
    gatyfus.com
    IN A
    178.162.203.211
    gatyfus.com
    IN A
    85.17.31.122
    gatyfus.com
    IN A
    178.162.203.202
    gatyfus.com
    IN A
    178.162.203.226
    gatyfus.com
    IN A
    85.17.31.82
    gatyfus.com
    IN A
    178.162.217.107
  • flag-us
    DNS
    galykes.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    galykes.com
    IN A
    Response
  • flag-us
    DNS
    lysynur.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lysynur.com
    IN A
    Response
  • flag-us
    DNS
    qekykev.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qekykev.com
    IN A
    Response
  • flag-us
    DNS
    vonypom.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vonypom.com
    IN A
    Response
    vonypom.com
    IN A
    34.227.7.138
  • flag-us
    DNS
    pupybul.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pupybul.com
    IN A
    Response
  • flag-us
    DNS
    ganypih.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    ganypih.com
    IN A
    Response
  • flag-us
    DNS
    lykyjad.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lykyjad.com
    IN A
    Response
  • flag-us
    DNS
    vopybyt.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vopybyt.com
    IN A
    Response
  • flag-us
    DNS
    pujyjav.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pujyjav.com
    IN A
    Response
  • flag-us
    DNS
    gatyvyz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gatyvyz.com
    IN A
    Response
  • flag-us
    DNS
    lyvytuj.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyvytuj.com
    IN A
    Response
  • flag-us
    DNS
    vojyjof.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vojyjof.com
    IN A
    Response
  • flag-us
    DNS
    qetyvep.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qetyvep.com
    IN A
    Response
  • flag-us
    DNS
    puvytuq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puvytuq.com
    IN A
    Response
  • flag-us
    DNS
    gahyhob.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gahyhob.com
    IN A
    Response
  • flag-us
    DNS
    lyryvex.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyryvex.com
    IN A
    Response
  • flag-us
    DNS
    vocyruk.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vocyruk.com
    IN A
    Response
  • flag-us
    DNS
    qegyhig.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qegyhig.com
    IN A
    Response
    qegyhig.com
    IN A
    172.67.173.131
    qegyhig.com
    IN A
    104.21.30.183
  • flag-us
    DNS
    purycap.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    purycap.com
    IN A
    Response
  • flag-us
    DNS
    gacyryw.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gacyryw.com
    IN A
    Response
  • flag-us
    DNS
    lygygin.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lygygin.com
    IN A
    Response
  • flag-us
    DNS
    vowycac.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vowycac.com
    IN A
    Response
  • flag-us
    DNS
    qexyryl.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qexyryl.com
    IN A
    Response
  • flag-us
    DNS
    pufygug.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pufygug.com
    IN A
    Response
  • flag-us
    DNS
    gaqycos.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gaqycos.com
    IN A
    Response
  • flag-us
    DNS
    lyxywer.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyxywer.com
    IN A
    Response
  • flag-us
    DNS
    vofygum.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vofygum.com
    IN A
    Response
  • flag-us
    DNS
    qeqyxov.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qeqyxov.com
    IN A
    Response
  • flag-us
    DNS
    puzywel.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puzywel.com
    IN A
    Response
  • flag-us
    DNS
    gadyfuh.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gadyfuh.com
    IN A
    Response
  • flag-us
    DNS
    lymyxid.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lymyxid.com
    IN A
    Response
    lymyxid.com
    IN A
    3.94.10.34
  • flag-us
    DNS
    volyqat.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    volyqat.com
    IN A
    Response
  • flag-us
    DNS
    qedyfyq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qedyfyq.com
    IN A
    Response
  • flag-us
    DNS
    lykygur.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lykygur.com
    IN A
    Response
  • flag-us
    DNS
    pumyxiv.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pumyxiv.com
    IN A
    Response
  • flag-us
    DNS
    galyqaz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    galyqaz.com
    IN A
    Response
    galyqaz.com
    IN A
    199.191.50.83
  • flag-us
    DNS
    lysyfyj.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lysyfyj.com
    IN A
    Response
  • flag-us
    DNS
    vonyzuf.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vonyzuf.com
    IN A
    Response
  • flag-us
    DNS
    qekyqop.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qekyqop.com
    IN A
    Response
  • flag-us
    DNS
    qebytiq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qebytiq.com
    IN A
    Response
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    vojyqem.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vojyqem.com
    IN A
    Response
    vojyqem.com
    IN CNAME
    77980.bodis.com
    77980.bodis.com
    IN A
    199.59.243.227
  • flag-us
    GET
    http://vojyqem.com/login.php
    svchost.exe
    Remote address:
    199.59.243.227:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: vojyqem.com
    Content-Length: 6
    Response
    HTTP/1.1 200 OK
    date: Tue, 17 Dec 2024 19:17:04 GMT
    content-type: text/html; charset=utf-8
    content-length: 1098
    x-request-id: 00807140-731c-4921-bd7f-f26a2d8b8e63
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
    set-cookie: parking_session=00807140-731c-4921-bd7f-f26a2d8b8e63; expires=Tue, 17 Dec 2024 19:32:05 GMT; path=/
  • flag-us
    DNS
    qegyhig.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qegyhig.com
    IN A
    Response
    qegyhig.com
    IN A
    104.21.30.183
    qegyhig.com
    IN A
    172.67.173.131
  • flag-us
    DNS
    vocyzit.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vocyzit.com
    IN A
    Response
    vocyzit.com
    IN A
    44.221.84.105
  • flag-us
    DNS
    qetyfuv.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qetyfuv.com
    IN A
    Response
    qetyfuv.com
    IN A
    44.221.84.105
  • flag-us
    GET
    http://qegyhig.com/login.php
    svchost.exe
    Remote address:
    104.21.30.183:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: qegyhig.com
    Content-Length: 6
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 17 Dec 2024 19:17:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://qegyhig.com/login.php
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=otFkQepbTyu662n%2BQiFNFkseoOZBrdLQw8mcnCNQKaItkg1cIDFXs95iwYO8OkLCVyy3fkDJpWRc2HBepYUnMSnJ%2BK8fkCh66Bg4JLtCT%2FxiNG3mAnP2W7RH7yhDPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f394055db23653d-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=184302&min_rtt=184302&rtt_var=92151&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=268&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    GET
    http://qegyhig.com/login.php
    svchost.exe
    Remote address:
    104.21.30.183:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: qegyhig.com
    Content-Length: 6
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 17 Dec 2024 19:17:07 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://qegyhig.com/login.php
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PnBUDc579SO4FTVnwAr9Kv3l5v6DIXmw44Gh6wEBu5Ew2h10OjbImRqN6ZKvrCkua7QpMj5a9GG7aflEF%2BKgpIj%2F1U7NEA7UjPWxfNcFVXzKQMUYeamQbJiaQ0%2Fw3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f3940619ac9653d-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=185862&min_rtt=184302&rtt_var=41074&sent=5&recv=7&lost=0&retrans=0&sent_bytes=999&recv_bytes=536&delivery_rate=21314&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    DNS
    gatyfus.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gatyfus.com
    IN A
    Response
    gatyfus.com
    IN A
    178.162.203.202
    gatyfus.com
    IN A
    85.17.31.82
    gatyfus.com
    IN A
    85.17.31.122
    gatyfus.com
    IN A
    5.79.71.225
    gatyfus.com
    IN A
    178.162.203.226
    gatyfus.com
    IN A
    178.162.203.211
    gatyfus.com
    IN A
    178.162.217.107
    gatyfus.com
    IN A
    5.79.71.205
  • flag-us
    DNS
    lymyxid.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lymyxid.com
    IN A
    Response
    lymyxid.com
    IN A
    3.94.10.34
  • flag-us
    DNS
    puzylyp.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puzylyp.com
    IN A
    Response
    puzylyp.com
    IN A
    75.2.71.199
    puzylyp.com
    IN A
    99.83.170.3
  • flag-us
    DNS
    gahyqah.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gahyqah.com
    IN A
    Response
    gahyqah.com
    IN A
    162.255.119.102
    gahyqah.com
    IN A
    23.253.46.64
  • flag-us
    DNS
    lyvyxor.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyvyxor.com
    IN A
    Response
    lyvyxor.com
    IN A
    208.100.26.245
  • flag-us
    DNS
    gadyniw.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gadyniw.com
    IN A
    Response
    gadyniw.com
    IN A
    154.212.231.82
  • flag-us
    DNS
    galyqaz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    galyqaz.com
    IN A
    Response
    galyqaz.com
    IN A
    199.191.50.83
  • flag-us
    DNS
    vonypom.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vonypom.com
    IN A
    Response
    vonypom.com
    IN A
    34.227.7.138
  • flag-us
    GET
    http://lymyxid.com/login.php
    svchost.exe
    Remote address:
    3.94.10.34:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lymyxid.com
    Content-Length: 6
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 17 Dec 2024 19:17:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=7819951a28b0025533505467ad6f0fc8|181.215.176.83|1734463025|1734463025|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-de
    GET
    http://gatyfus.com/login.php
    svchost.exe
    Remote address:
    178.162.203.202:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: gatyfus.com
    Content-Length: 6
  • flag-hk
    GET
    http://gadyniw.com/login.php
    svchost.exe
    Remote address:
    154.212.231.82:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: gadyniw.com
    Content-Length: 6
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 17 Dec 2024 19:17:06 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: keep-alive
  • flag-hk
    GET
    http://gadyniw.com/login.php
    svchost.exe
    Remote address:
    154.212.231.82:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: gadyniw.com
    Content-Length: 6
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 17 Dec 2024 19:17:06 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: keep-alive
  • flag-us
    GET
    http://lyvyxor.com/login.php
    svchost.exe
    Remote address:
    208.100.26.245:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lyvyxor.com
    Content-Length: 6
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 17 Dec 2024 19:17:05 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
  • flag-us
    GET
    http://lyvyxor.com/login.php
    svchost.exe
    Remote address:
    208.100.26.245:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lyvyxor.com
    Content-Length: 6
    Response
    HTTP/1.1 404 Not Found
    Server: nginx/1.14.0 (Ubuntu)
    Date: Tue, 17 Dec 2024 19:17:06 GMT
    Content-Type: text/html
    Content-Length: 580
    Connection: keep-alive
  • flag-us
    GET
    http://gahyqah.com/login.php
    svchost.exe
    Remote address:
    162.255.119.102:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: gahyqah.com
    Content-Length: 6
    Response
    HTTP/1.1 302 Found
    Date: Tue, 17 Dec 2024 19:17:05 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 55
    Connection: keep-alive
    Location: http://www.gahyqah.com/login.php
    X-Served-By: Namecheap URL Forward
    Server: namecheap-nginx
  • flag-us
    GET
    http://vonypom.com/login.php
    svchost.exe
    Remote address:
    34.227.7.138:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: vonypom.com
    Content-Length: 6
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 17 Dec 2024 19:17:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e11481bd19862ca1c518d3eeaa71a9c7|181.215.176.83|1734463025|1734463025|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://puzylyp.com/login.php
    svchost.exe
    Remote address:
    75.2.71.199:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: puzylyp.com
    Content-Length: 6
    Response
    HTTP/1.1 308 Permanent Redirect
    Connection: close
    Location: https://puzylyp.com/login.php
    Server: Caddy
    Date: Tue, 17 Dec 2024 19:17:05 GMT
    Content-Length: 0
  • flag-us
    GET
    http://galyqaz.com/login.php
    svchost.exe
    Remote address:
    199.191.50.83:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: galyqaz.com
    Content-Length: 6
    Response
    HTTP/1.1 302 Found
    Date: Tue, 17 Dec 2024 19:17:06 GMT
    Server: Apache
    Referrer-Policy: no-referrer-when-downgrade
    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
    Set-Cookie: vsid=910vr4820086261300584; expires=Sun, 16-Dec-2029 19:17:06 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly
    Location: //ww3.galyqaz.com
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    GET
    https://qegyhig.com/login.php
    svchost.exe
    Remote address:
    104.21.30.183:443
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: qegyhig.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 17 Dec 2024 19:17:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RkYpGjnYwB4vOASJbC%2F9a%2Fp7yctBELGuSL5mri0KPXxuhntePeOboYl4VOuGBf0%2BDPmYTc6UEtEBse4J2OnS6hP08zOqADPMXjp8zNmMxcybE2YPI%2Bc1tXcjVr5Xow%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f39405f0b7b4145-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=165169&min_rtt=30766&rtt_var=44459&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3281&recv_bytes=573&delivery_rate=44107&cwnd=252&unsent_bytes=0&cid=a0d4572849214736&ts=1211&x=0"
  • flag-us
    DNS
    svchost.exe
    Remote address:
    104.21.30.183:443
    Response
    HTTP/1.1 400 Bad Request
    Server: cloudflare
    Date: Tue, 17 Dec 2024 19:17:07 GMT
    Content-Type: text/html
    Content-Length: 155
    Connection: close
    CF-RAY: -
  • flag-us
    GET
    https://puzylyp.com/login.php
    svchost.exe
    Remote address:
    75.2.71.199:443
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: puzylyp.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Alt-Svc: h3=":443"; ma=2592000
    Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
    Content-Type: text/html; charset=utf-8
    Date: Tue, 17 Dec 2024 19:17:07 GMT
    Etag: "vsd2ssumgd1cmb"
    Server: Caddy
    Server: awselb/2.0
    Vary: Accept-Encoding
    X-Powered-By: Next.js
    Transfer-Encoding: chunked
  • flag-us
    DNS
    www.gahyqah.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    www.gahyqah.com
    IN A
    Response
    www.gahyqah.com
    IN CNAME
    parkingpage.namecheap.com
    parkingpage.namecheap.com
    IN A
    91.195.240.19
  • flag-de
    GET
    http://www.gahyqah.com/login.php
    svchost.exe
    Remote address:
    91.195.240.19:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: www.gahyqah.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Tue, 17 Dec 2024 19:17:06 GMT
    content-type: text/html; charset=UTF-8
    transfer-encoding: chunked
    vary: Accept-Encoding
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_g5rlXs9RuRW4dglqQ5LydJEttSTVBsfpTg5YbTbTgxQyCxJaX/4wWztIAOuRl2yVYhX0WGF1Yaew3U85nGI5uA==
    last-modified: Tue, 17 Dec 2024 19:17:06 GMT
    x-cache-miss-from: parking-dc6db864f-4hmqv
    server: Parking/1.0
  • flag-de
    DNS
    svchost.exe
    Remote address:
    91.195.240.19:80
    Response
    HTTP/1.1 400 Bad request
    Content-length: 90
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-us
    DNS
    c.pki.goog
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    c.pki.goog
    IN A
    Response
    c.pki.goog
    IN CNAME
    pki-goog.l.google.com
    pki-goog.l.google.com
    IN A
    142.250.179.67
  • flag-fr
    GET
    http://c.pki.goog/r/gsr1.crl
    svchost.exe
    Remote address:
    142.250.179.67:80
    Request
    GET /r/gsr1.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 1739
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 17 Dec 2024 18:28:42 GMT
    Expires: Tue, 17 Dec 2024 19:18:42 GMT
    Cache-Control: public, max-age=3000
    Age: 2904
    Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-fr
    GET
    http://c.pki.goog/r/r4.crl
    svchost.exe
    Remote address:
    142.250.179.67:80
    Request
    GET /r/r4.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
    Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
    Content-Length: 436
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Tue, 17 Dec 2024 19:00:41 GMT
    Expires: Tue, 17 Dec 2024 19:50:41 GMT
    Cache-Control: public, max-age=3000
    Age: 985
    Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
    Content-Type: application/pkix-crl
    Vary: Accept-Encoding
  • flag-us
    DNS
    ww3.galyqaz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    ww3.galyqaz.com
    IN A
    Response
    ww3.galyqaz.com
    IN CNAME
    sedoparking.com
    sedoparking.com
    IN A
    64.190.63.136
  • flag-us
    DNS
    ww3.galyqaz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    ww3.galyqaz.com
    IN A
    Response
    ww3.galyqaz.com
    IN CNAME
    sedoparking.com
    sedoparking.com
    IN A
    64.190.63.136
  • flag-us
    DNS
    34.143.101.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    34.143.101.95.in-addr.arpa
    IN PTR
    Response
    34.143.101.95.in-addr.arpa
    IN PTR
    a95-101-143-34deploystaticakamaitechnologiescom
  • flag-us
    DNS
    227.243.59.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    227.243.59.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.30.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.30.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    202.203.162.178.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.203.162.178.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    199.71.2.75.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.71.2.75.in-addr.arpa
    IN PTR
    Response
    199.71.2.75.in-addr.arpa
    IN PTR
    af3ca1dc3c96d4fe3awsglobalacceleratorcom
  • flag-us
    DNS
    34.10.94.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    34.10.94.3.in-addr.arpa
    IN PTR
    Response
    34.10.94.3.in-addr.arpa
    IN PTR
    ec2-3-94-10-34 compute-1 amazonawscom
  • flag-us
    DNS
    245.26.100.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    245.26.100.208.in-addr.arpa
    IN PTR
    Response
    245.26.100.208.in-addr.arpa
    IN PTR
    ip245 208-100-26static steadfastdnsnet
  • flag-us
    DNS
    102.119.255.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    102.119.255.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    138.7.227.34.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.7.227.34.in-addr.arpa
    IN PTR
    Response
    138.7.227.34.in-addr.arpa
    IN PTR
    ec2-34-227-7-138 compute-1 amazonawscom
  • flag-us
    DNS
    83.50.191.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.50.191.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    82.231.212.154.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    82.231.212.154.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.179.250.142.in-addr.arpa
    IN PTR
    Response
    67.179.250.142.in-addr.arpa
    IN PTR
    par21s19-in-f31e100net
  • flag-us
    DNS
    19.240.195.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.240.195.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.149.64.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.149.64.172.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    http://ww3.galyqaz.com/
    svchost.exe
    Remote address:
    64.190.63.136:80
    Request
    GET / HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: ww3.galyqaz.com
    Connection: Keep-Alive
    Cookie: vsid=910vr4820086261300584
    Response
    HTTP/1.1 200 OK
    date: Tue, 17 Dec 2024 19:17:07 GMT
    content-type: text/html; charset=UTF-8
    transfer-encoding: chunked
    vary: Accept-Encoding
    expires: Mon, 26 Jul 1997 05:00:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_evc7N5FfUOmf13Nl+8D7+0irHI6C5wXyjgvzJn+lB3E1Qfjr/bYz10KXDPAJSx76rgq4GXBHZuidQRM73OngZw==
    last-modified: Tue, 17 Dec 2024 19:17:07 GMT
    x-cache-miss-from: parking-dc6db864f-bxjvd
    server: Parking/1.0
  • flag-de
    DNS
    svchost.exe
    Remote address:
    64.190.63.136:80
    Response
    HTTP/1.1 400 Bad request
    Content-length: 90
    Cache-Control: no-cache
    Connection: close
    Content-Type: text/html
  • flag-us
    GET
    https://qegyhig.com/login.php
    svchost.exe
    Remote address:
    104.21.30.183:443
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: qegyhig.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 17 Dec 2024 19:17:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9dzVZT4LBKpHZEUdYMC3rY8oK8xcpv8Hwo%2FYfqslv4dj97UnASsMfNCWtMitdjZHmoCRnvTlegMlzyVBOnJqkh%2BwLDXaHI9xhcEcSoxEqSmpxrmXU2p8TP7wZ1iSA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f3940634afdcd58-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=26474&min_rtt=26469&rtt_var=9936&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=723&delivery_rate=51184&cwnd=250&unsent_bytes=0&cid=b73b592ee0e2a3c3&ts=360&x=0"
  • flag-us
    DNS
    svchost.exe
    Remote address:
    104.21.30.183:443
    Response
    HTTP/1.1 400 Bad Request
    Server: cloudflare
    Date: Tue, 17 Dec 2024 19:17:08 GMT
    Content-Type: text/html
    Content-Length: 155
    Connection: close
    CF-RAY: -
  • flag-us
    DNS
    233.38.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    233.38.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    136.63.190.64.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    136.63.190.64.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    http://gatyfus.com/login.php
    svchost.exe
    Remote address:
    178.162.203.202:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: gatyfus.com
    Content-Length: 6
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88deploystaticakamaitechnologiescom
  • flag-us
    DNS
    pupydeq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pupydeq.com
    IN A
    Response
    pupydeq.com
    IN A
    76.223.54.146
    pupydeq.com
    IN A
    13.248.169.48
  • flag-us
    DNS
    ganyzub.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    ganyzub.com
    IN A
    Response
  • flag-us
    DNS
    lykymox.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lykymox.com
    IN A
    Response
  • flag-us
    DNS
    vopydek.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vopydek.com
    IN A
    Response
  • flag-us
    DNS
    qebylug.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qebylug.com
    IN A
    Response
  • flag-us
    DNS
    pujymip.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pujymip.com
    IN A
    Response
  • flag-us
    DNS
    gatydaw.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gatydaw.com
    IN A
    Response
  • flag-us
    DNS
    lyvylyn.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyvylyn.com
    IN A
    Response
  • flag-us
    DNS
    vojymic.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vojymic.com
    IN A
    Response
  • flag-us
    DNS
    qetysal.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qetysal.com
    IN A
    Response
  • flag-us
    DNS
    puvylyg.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puvylyg.com
    IN A
    Response
  • flag-us
    DNS
    gahynus.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gahynus.com
    IN A
    Response
  • flag-us
    DNS
    lyrysor.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyrysor.com
    IN A
    Response
    lyrysor.com
    IN CNAME
    zz1985.qu200.com
    zz1985.qu200.com
    IN CNAME
    gtm-sg-6l13ukk0m05.qu200.com
    gtm-sg-6l13ukk0m05.qu200.com
    IN A
    61.158.134.198
  • flag-us
    DNS
    vocykem.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vocykem.com
    IN A
    Response
  • flag-us
    DNS
    qegynuv.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qegynuv.com
    IN A
    Response
  • flag-us
    DNS
    purypol.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    purypol.com
    IN A
    Response
  • flag-us
    DNS
    gacykeh.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gacykeh.com
    IN A
    Response
  • flag-us
    DNS
    lygynud.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lygynud.com
    IN A
    Response
    lygynud.com
    IN A
    3.94.10.34
  • flag-us
    DNS
    qexykaq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qexykaq.com
    IN A
    Response
  • flag-us
    DNS
    vowypit.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vowypit.com
    IN A
    Response
  • flag-us
    DNS
    pufybyv.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pufybyv.com
    IN A
    Response
  • flag-us
    DNS
    gaqypiz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gaqypiz.com
    IN A
    Response
  • flag-us
    DNS
    lyxyjaj.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyxyjaj.com
    IN A
    Response
  • flag-us
    DNS
    vofybyf.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vofybyf.com
    IN A
    Response
  • flag-us
    DNS
    qeqytup.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qeqytup.com
    IN A
    Response
  • flag-us
    DNS
    puzyjoq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puzyjoq.com
    IN A
    Response
  • flag-us
    DNS
    gadyveb.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gadyveb.com
    IN A
    Response
  • flag-us
    DNS
    lymytux.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lymytux.com
    IN A
    Response
  • flag-us
    DNS
    volyjok.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    volyjok.com
    IN A
    Response
  • flag-us
    DNS
    pumytup.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pumytup.com
    IN A
    Response
  • flag-us
    DNS
    qedyveg.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qedyveg.com
    IN A
    Response
  • flag-us
    DNS
    galyhiw.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    galyhiw.com
    IN A
    Response
  • flag-us
    DNS
    lysyvan.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lysyvan.com
    IN A
    Response
    lysyvan.com
    IN A
    104.21.64.1
    lysyvan.com
    IN A
    104.21.48.1
    lysyvan.com
    IN A
    104.21.112.1
    lysyvan.com
    IN A
    104.21.32.1
    lysyvan.com
    IN A
    104.21.96.1
    lysyvan.com
    IN A
    104.21.16.1
    lysyvan.com
    IN A
    104.21.80.1
  • flag-us
    DNS
    vonyryc.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vonyryc.com
    IN A
    Response
  • flag-us
    DNS
    qekyhil.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qekyhil.com
    IN A
    Response
  • flag-us
    DNS
    pupycag.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pupycag.com
    IN A
    Response
    pupycag.com
    IN A
    34.227.7.138
  • flag-us
    DNS
    ganyrys.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    ganyrys.com
    IN A
    Response
  • flag-us
    DNS
    vopycom.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vopycom.com
    IN A
    Response
  • flag-us
    DNS
    pujygul.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pujygul.com
    IN A
    Response
  • flag-us
    DNS
    qebyrev.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qebyrev.com
    IN A
    Response
  • flag-us
    DNS
    lyvywed.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyvywed.com
    IN A
    Response
  • flag-us
    DNS
    vojygut.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vojygut.com
    IN A
    Response
  • flag-us
    DNS
    qetyxiq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qetyxiq.com
    IN A
    Response
  • flag-us
    DNS
    gahyfyz.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gahyfyz.com
    IN A
    Response
  • flag-us
    DNS
    puvywav.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puvywav.com
    IN A
    Response
  • flag-us
    DNS
    lyryxij.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyryxij.com
    IN A
    Response
  • flag-us
    DNS
    vocyqaf.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vocyqaf.com
    IN A
    Response
  • flag-us
    DNS
    qegyfyp.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qegyfyp.com
    IN A
    Response
  • flag-us
    DNS
    gacyqob.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gacyqob.com
    IN A
    Response
  • flag-us
    DNS
    puryxuq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puryxuq.com
    IN A
    Response
  • flag-us
    DNS
    vowyzuk.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vowyzuk.com
    IN A
    Response
  • flag-us
    DNS
    lygyfex.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lygyfex.com
    IN A
    Response
  • flag-us
    DNS
    gatycoh.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gatycoh.com
    IN A
    Response
  • flag-us
    DNS
    qexyqog.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qexyqog.com
    IN A
    Response
  • flag-us
    DNS
    pufydep.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pufydep.com
    IN A
    Response
  • flag-us
    DNS
    gaqyzuw.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gaqyzuw.com
    IN A
    Response
  • flag-us
    DNS
    lyxymin.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyxymin.com
    IN A
    Response
  • flag-us
    DNS
    vofydac.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    vofydac.com
    IN A
    Response
  • flag-us
    DNS
    qeqylyl.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    qeqylyl.com
    IN A
    Response
  • flag-us
    DNS
    puzymig.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    puzymig.com
    IN A
    Response
  • flag-us
    DNS
    gadydas.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    gadydas.com
    IN A
    Response
  • flag-us
    DNS
    lymylyr.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lymylyr.com
    IN A
    Response
  • flag-us
    DNS
    volymum.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    volymum.com
    IN A
    Response
  • flag-us
    DNS
    lyrysor.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lyrysor.com
    IN A
    Response
    lyrysor.com
    IN CNAME
    zz1985.qu200.com
    zz1985.qu200.com
    IN CNAME
    gtm-sg-6l13ukk0m05.qu200.com
    gtm-sg-6l13ukk0m05.qu200.com
    IN A
    61.158.134.198
  • flag-us
    DNS
    pupydeq.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pupydeq.com
    IN A
    Response
    pupydeq.com
    IN A
    13.248.169.48
    pupydeq.com
    IN A
    76.223.54.146
  • flag-us
    GET
    http://pupydeq.com/login.php
    svchost.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: pupydeq.com
    Content-Length: 6
    Response
    HTTP/1.1 500 Internal Server Error
    content-length: 97
    cache-control: no-cache
    content-type: text/html
  • flag-us
    GET
    http://pupydeq.com/login.php
    svchost.exe
    Remote address:
    13.248.169.48:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: pupydeq.com
    Content-Length: 6
    Response
    HTTP/1.1 500 Internal Server Error
    content-length: 97
    cache-control: no-cache
    content-type: text/html
  • flag-us
    DNS
    lygynud.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lygynud.com
    IN A
    Response
    lygynud.com
    IN A
    3.94.10.34
  • flag-us
    DNS
    lysyvan.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    lysyvan.com
    IN A
    Response
    lysyvan.com
    IN A
    104.21.112.1
    lysyvan.com
    IN A
    104.21.16.1
    lysyvan.com
    IN A
    104.21.80.1
    lysyvan.com
    IN A
    104.21.96.1
    lysyvan.com
    IN A
    104.21.64.1
    lysyvan.com
    IN A
    104.21.32.1
    lysyvan.com
    IN A
    104.21.48.1
  • flag-us
    DNS
    pupycag.com
    svchost.exe
    Remote address:
    8.8.8.8:53
    Request
    pupycag.com
    IN A
    Response
    pupycag.com
    IN A
    34.227.7.138
  • flag-us
    GET
    http://lysyvan.com/login.php
    svchost.exe
    Remote address:
    104.21.112.1:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lysyvan.com
    Content-Length: 6
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 17 Dec 2024 19:18:24 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://lysyvan.com/login.php
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VXSnOkAqO%2BrParwGlbw1uCx4693R5KqV0hjyC8dHtBmjxlH%2FC7tXcq4tTKHuIqiFrpEB69ITMOhmS2tsFU365mxJQhwyvSdSaYVI83CHC2tgeYfK4%2FlYx9f2l0KsAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f394243888388bf-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=27155&min_rtt=27155&rtt_var=13577&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=268&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    GET
    http://lysyvan.com/login.php
    svchost.exe
    Remote address:
    104.21.112.1:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lysyvan.com
    Content-Length: 6
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 17 Dec 2024 19:18:25 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: https://lysyvan.com/login.php
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DoZHIcoQ5m5eeAYlCm0mX9AoRoET7UinD0%2Fwx4uKg6%2BXswXuRkObGxNHjhl7psjFzb%2FgxPGStqmsWKV5PFtm%2FPRmgicCBEIfuEQjPTzp4USRd9ICVN27Sc9PNfS66g%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f394248ced088bf-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=27447&min_rtt=27155&rtt_var=8142&sent=4&recv=6&lost=0&retrans=0&sent_bytes=997&recv_bytes=536&delivery_rate=95392&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    GET
    http://lygynud.com/login.php
    svchost.exe
    Remote address:
    3.94.10.34:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lygynud.com
    Content-Length: 6
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 17 Dec 2024 19:18:24 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=927f8eef5066d05e764d495f35ad0cc1|181.215.176.83|1734463104|1734463104|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    http://pupycag.com/login.php
    svchost.exe
    Remote address:
    34.227.7.138:80
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: pupycag.com
    Content-Length: 6
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 17 Dec 2024 19:18:24 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=f6e1dc80003bbb8e0dc9581b5b83091f|181.215.176.83|1734463104|1734463104|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=181.215.176.83; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  • flag-us
    GET
    https://lysyvan.com/login.php
    svchost.exe
    Remote address:
    104.21.112.1:443
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lysyvan.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 17 Dec 2024 19:18:25 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
    server-timing: amp_sanitizer;dur="28.5",amp_style_sanitizer;dur="12.9",amp_tag_and_attribute_sanitizer;dur="13.3",amp_optimizer;dur="4.1"
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kGynM87Z1Dn3OdJv4B%2F0khiuetID3q80S%2F0sCdBx83bW9IVqeZgtwzQC3oEQSnMdqNA464gkM19mNTC%2FSUHsWp0UJPLqPrJhLkKPDFQKFlJqwGuGO3a7GG17vaPGmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f3942461d8f63d2-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=27566&min_rtt=27316&rtt_var=4694&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3279&recv_bytes=573&delivery_rate=146586&cwnd=253&unsent_bytes=0&cid=788c8065c49769d3&ts=481&x=0"
  • flag-us
    DNS
    svchost.exe
    Remote address:
    104.21.112.1:443
    Response
    HTTP/1.1 400 Bad Request
    Server: cloudflare
    Date: Tue, 17 Dec 2024 19:18:25 GMT
    Content-Type: text/html
    Content-Length: 155
    Connection: close
    CF-RAY: -
  • flag-us
    DNS
    1.112.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.112.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://lysyvan.com/login.php
    svchost.exe
    Remote address:
    104.21.112.1:443
    Request
    GET /login.php HTTP/1.1
    Referer: http://www.google.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
    Host: lysyvan.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Tue, 17 Dec 2024 19:18:26 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
    server-timing: amp_sanitizer;dur="23.8",amp_style_sanitizer;dur="9.9",amp_tag_and_attribute_sanitizer;dur="11.0",amp_optimizer;dur="2.7"
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TipzCqaPTx0P0%2FjucxzbeFanRsYOkMkUsDaoJm3KGB8VP%2BOsxi%2FtTGm4M0324XUyjN7bSzO5cMk3EphcCwyIvd0aPmq1N3lCCGjGNUYCCYx4%2FxPgplQevbq62iU%2FfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f39424aecd8cd14-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=28103&min_rtt=27212&rtt_var=10841&sent=3&recv=6&lost=0&retrans=0&sent_bytes=115&recv_bytes=723&delivery_rate=49867&cwnd=250&unsent_bytes=0&cid=edf821ae1b832f9c&ts=418&x=0"
  • flag-us
    DNS
    svchost.exe
    Remote address:
    104.21.112.1:443
    Response
    HTTP/1.1 400 Bad Request
    Server: cloudflare
    Date: Tue, 17 Dec 2024 19:18:26 GMT
    Content-Type: text/html
    Content-Length: 155
    Connection: close
    CF-RAY: -
  • flag-us
    DNS
    48.169.248.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.169.248.13.in-addr.arpa
    IN PTR
    Response
    48.169.248.13.in-addr.arpa
    IN PTR
    a904c694c05102f30awsglobalacceleratorcom
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 95.101.143.34:80
    www.bing.com
    svchost.exe
    190 B
    92 B
    4
    2
  • 199.59.243.227:80
    http://vojyqem.com/login.php
    http
    svchost.exe
    826 B
    2.4kB
    12
    6

    HTTP Request

    GET http://vojyqem.com/login.php

    HTTP Response

    200
  • 104.21.30.183:80
    http://qegyhig.com/login.php
    http
    svchost.exe
    1.1kB
    2.4kB
    12
    10

    HTTP Request

    GET http://qegyhig.com/login.php

    HTTP Response

    301

    HTTP Request

    GET http://qegyhig.com/login.php

    HTTP Response

    301
  • 44.221.84.105:80
    qetyfuv.com
    svchost.exe
    260 B
    5
  • 44.221.84.105:80
    qetyfuv.com
    svchost.exe
    260 B
    5
  • 3.94.10.34:80
    http://lymyxid.com/login.php
    http
    svchost.exe
    544 B
    627 B
    6
    5

    HTTP Request

    GET http://lymyxid.com/login.php

    HTTP Response

    200
  • 178.162.203.202:80
    http://gatyfus.com/login.php
    http
    svchost.exe
    452 B
    88 B
    4
    2

    HTTP Request

    GET http://gatyfus.com/login.php
  • 154.212.231.82:80
    http://gadyniw.com/login.php
    http
    svchost.exe
    1.0kB
    1.6kB
    11
    6

    HTTP Request

    GET http://gadyniw.com/login.php

    HTTP Response

    404

    HTTP Request

    GET http://gadyniw.com/login.php

    HTTP Response

    404
  • 208.100.26.245:80
    http://lyvyxor.com/login.php
    http
    svchost.exe
    898 B
    1.7kB
    8
    5

    HTTP Request

    GET http://lyvyxor.com/login.php

    HTTP Response

    404

    HTTP Request

    GET http://lyvyxor.com/login.php

    HTTP Response

    404
  • 162.255.119.102:80
    http://gahyqah.com/login.php
    http
    svchost.exe
    682 B
    475 B
    9
    4

    HTTP Request

    GET http://gahyqah.com/login.php

    HTTP Response

    302
  • 34.227.7.138:80
    http://vonypom.com/login.php
    http
    svchost.exe
    544 B
    619 B
    6
    5

    HTTP Request

    GET http://vonypom.com/login.php

    HTTP Response

    200
  • 75.2.71.199:80
    http://puzylyp.com/login.php
    http
    svchost.exe
    590 B
    418 B
    7
    6

    HTTP Request

    GET http://puzylyp.com/login.php

    HTTP Response

    308
  • 199.191.50.83:80
    http://galyqaz.com/login.php
    http
    svchost.exe
    544 B
    928 B
    6
    4

    HTTP Request

    GET http://galyqaz.com/login.php

    HTTP Response

    302
  • 104.21.30.183:443
    https://qegyhig.com/login.php
    tls, http
    svchost.exe
    4.4kB
    97.1kB
    83
    79

    HTTP Request

    GET https://qegyhig.com/login.php

    HTTP Response

    404

    HTTP Response

    400
  • 75.2.71.199:443
    https://puzylyp.com/login.php
    tls, http
    svchost.exe
    3.9kB
    71.0kB
    72
    70

    HTTP Request

    GET https://puzylyp.com/login.php

    HTTP Response

    200
  • 91.195.240.19:80
    http://www.gahyqah.com/login.php
    http
    svchost.exe
    1.4kB
    26.4kB
    24
    22

    HTTP Request

    GET http://www.gahyqah.com/login.php

    HTTP Response

    200

    HTTP Response

    400
  • 142.250.179.67:80
    http://c.pki.goog/r/r4.crl
    http
    svchost.exe
    602 B
    3.9kB
    8
    7

    HTTP Request

    GET http://c.pki.goog/r/gsr1.crl

    HTTP Response

    200

    HTTP Request

    GET http://c.pki.goog/r/r4.crl

    HTTP Response

    200
  • 64.190.63.136:80
    http://ww3.galyqaz.com/
    http
    svchost.exe
    1.4kB
    26.9kB
    24
    22

    HTTP Request

    GET http://ww3.galyqaz.com/

    HTTP Response

    200

    HTTP Response

    400
  • 104.21.30.183:443
    https://qegyhig.com/login.php
    tls, http
    svchost.exe
    4.5kB
    93.9kB
    83
    79

    HTTP Request

    GET https://qegyhig.com/login.php

    HTTP Response

    404

    HTTP Response

    400
  • 44.221.84.105:80
    qetyfuv.com
    svchost.exe
    260 B
    5
  • 44.221.84.105:80
    qetyfuv.com
    svchost.exe
    260 B
    5
  • 178.162.203.202:80
    http://gatyfus.com/login.php
    http
    svchost.exe
    660 B
    88 B
    8
    2

    HTTP Request

    GET http://gatyfus.com/login.php
  • 13.248.169.48:80
    http://pupydeq.com/login.php
    http
    svchost.exe
    950 B
    622 B
    9
    5

    HTTP Request

    GET http://pupydeq.com/login.php

    HTTP Response

    500

    HTTP Request

    GET http://pupydeq.com/login.php

    HTTP Response

    500
  • 104.21.112.1:80
    http://lysyvan.com/login.php
    http
    svchost.exe
    898 B
    2.3kB
    8
    7

    HTTP Request

    GET http://lysyvan.com/login.php

    HTTP Response

    301

    HTTP Request

    GET http://lysyvan.com/login.php

    HTTP Response

    301
  • 61.158.134.198:80
    lyrysor.com
    svchost.exe
    260 B
    5
  • 3.94.10.34:80
    http://lygynud.com/login.php
    http
    svchost.exe
    544 B
    627 B
    6
    5

    HTTP Request

    GET http://lygynud.com/login.php

    HTTP Response

    200
  • 34.227.7.138:80
    http://pupycag.com/login.php
    http
    svchost.exe
    544 B
    627 B
    6
    5

    HTTP Request

    GET http://pupycag.com/login.php

    HTTP Response

    200
  • 104.21.112.1:443
    https://lysyvan.com/login.php
    tls, http
    svchost.exe
    3.1kB
    51.6kB
    55
    51

    HTTP Request

    GET https://lysyvan.com/login.php

    HTTP Response

    404

    HTTP Response

    400
  • 104.21.112.1:443
    https://lysyvan.com/login.php
    tls, http
    svchost.exe
    3.2kB
    48.5kB
    55
    51

    HTTP Request

    GET https://lysyvan.com/login.php

    HTTP Response

    404

    HTTP Response

    400
  • 61.158.134.198:80
    lyrysor.com
    svchost.exe
    260 B
    5
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    lyryfyd.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyryfyd.com

  • 8.8.8.8:53
    qetyfuv.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    qetyfuv.com

    DNS Response

    44.221.84.105

  • 8.8.8.8:53
    vojyqem.com
    dns
    svchost.exe
    57 B
    99 B
    1
    1

    DNS Request

    vojyqem.com

    DNS Response

    199.59.243.227

  • 8.8.8.8:53
    lyvyxor.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    lyvyxor.com

    DNS Response

    208.100.26.245

  • 8.8.8.8:53
    puvyxil.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puvyxil.com

  • 8.8.8.8:53
    vocyzit.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    vocyzit.com

    DNS Response

    44.221.84.105

  • 8.8.8.8:53
    gahyqah.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    gahyqah.com

    DNS Response

    162.255.119.102
    23.253.46.64

  • 8.8.8.8:53
    qegyqaq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qegyqaq.com

  • 8.8.8.8:53
    purydyv.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    purydyv.com

  • 8.8.8.8:53
    gacyzuz.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gacyzuz.com

  • 8.8.8.8:53
    lygymoj.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lygymoj.com

  • 8.8.8.8:53
    vowydef.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vowydef.com

  • 8.8.8.8:53
    qexylup.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qexylup.com

  • 8.8.8.8:53
    pufymoq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pufymoq.com

  • 8.8.8.8:53
    gaqydeb.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gaqydeb.com

  • 8.8.8.8:53
    lyxylux.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyxylux.com

  • 8.8.8.8:53
    vofymik.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vofymik.com

  • 8.8.8.8:53
    qeqysag.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qeqysag.com

  • 8.8.8.8:53
    puzylyp.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    puzylyp.com

    DNS Response

    75.2.71.199
    99.83.170.3

  • 8.8.8.8:53
    gadyniw.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    gadyniw.com

    DNS Response

    154.212.231.82

  • 8.8.8.8:53
    lymysan.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lymysan.com

  • 8.8.8.8:53
    volykyc.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    volykyc.com

  • 8.8.8.8:53
    qedynul.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qedynul.com

  • 8.8.8.8:53
    pumypog.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pumypog.com

  • 8.8.8.8:53
    gatyfus.com
    dns
    svchost.exe
    57 B
    185 B
    1
    1

    DNS Request

    gatyfus.com

    DNS Response

    5.79.71.225
    5.79.71.205
    178.162.203.211
    85.17.31.122
    178.162.203.202
    178.162.203.226
    85.17.31.82
    178.162.217.107

  • 8.8.8.8:53
    galykes.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    galykes.com

  • 8.8.8.8:53
    lysynur.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lysynur.com

  • 8.8.8.8:53
    qekykev.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qekykev.com

  • 8.8.8.8:53
    vonypom.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    vonypom.com

    DNS Response

    34.227.7.138

  • 8.8.8.8:53
    pupybul.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pupybul.com

  • 8.8.8.8:53
    ganypih.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    ganypih.com

  • 8.8.8.8:53
    lykyjad.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lykyjad.com

  • 8.8.8.8:53
    vopybyt.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vopybyt.com

  • 8.8.8.8:53
    pujyjav.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pujyjav.com

  • 8.8.8.8:53
    gatyvyz.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gatyvyz.com

  • 8.8.8.8:53
    lyvytuj.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyvytuj.com

  • 8.8.8.8:53
    vojyjof.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vojyjof.com

  • 8.8.8.8:53
    qetyvep.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qetyvep.com

  • 8.8.8.8:53
    puvytuq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puvytuq.com

  • 8.8.8.8:53
    gahyhob.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gahyhob.com

  • 8.8.8.8:53
    lyryvex.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyryvex.com

  • 8.8.8.8:53
    vocyruk.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vocyruk.com

  • 8.8.8.8:53
    qegyhig.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    qegyhig.com

    DNS Response

    172.67.173.131
    104.21.30.183

  • 8.8.8.8:53
    purycap.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    purycap.com

  • 8.8.8.8:53
    gacyryw.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gacyryw.com

  • 8.8.8.8:53
    lygygin.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lygygin.com

  • 8.8.8.8:53
    vowycac.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vowycac.com

  • 8.8.8.8:53
    qexyryl.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qexyryl.com

  • 8.8.8.8:53
    pufygug.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pufygug.com

  • 8.8.8.8:53
    gaqycos.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gaqycos.com

  • 8.8.8.8:53
    lyxywer.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyxywer.com

  • 8.8.8.8:53
    vofygum.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vofygum.com

  • 8.8.8.8:53
    qeqyxov.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qeqyxov.com

  • 8.8.8.8:53
    puzywel.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puzywel.com

  • 8.8.8.8:53
    gadyfuh.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gadyfuh.com

  • 8.8.8.8:53
    lymyxid.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    lymyxid.com

    DNS Response

    3.94.10.34

  • 8.8.8.8:53
    volyqat.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    volyqat.com

  • 8.8.8.8:53
    qedyfyq.com
    dns
    svchost.exe
    114 B
    260 B
    2
    2

    DNS Request

    qedyfyq.com

    DNS Request

    lykygur.com

  • 8.8.8.8:53
    pumyxiv.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pumyxiv.com

  • 8.8.8.8:53
    galyqaz.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    galyqaz.com

    DNS Response

    199.191.50.83

  • 8.8.8.8:53
    lysyfyj.com
    dns
    svchost.exe
    57 B
    57 B
    1
    1

    DNS Request

    lysyfyj.com

  • 8.8.8.8:53
    vonyzuf.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vonyzuf.com

  • 8.8.8.8:53
    qekyqop.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qekyqop.com

  • 8.8.8.8:53
    qebytiq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qebytiq.com

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    vojyqem.com
    dns
    svchost.exe
    57 B
    99 B
    1
    1

    DNS Request

    vojyqem.com

    DNS Response

    199.59.243.227

  • 8.8.8.8:53
    qegyhig.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    qegyhig.com

    DNS Response

    104.21.30.183
    172.67.173.131

  • 8.8.8.8:53
    vocyzit.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    vocyzit.com

    DNS Response

    44.221.84.105

  • 8.8.8.8:53
    qetyfuv.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    qetyfuv.com

    DNS Response

    44.221.84.105

  • 8.8.8.8:53
    gatyfus.com
    dns
    svchost.exe
    57 B
    185 B
    1
    1

    DNS Request

    gatyfus.com

    DNS Response

    178.162.203.202
    85.17.31.82
    85.17.31.122
    5.79.71.225
    178.162.203.226
    178.162.203.211
    178.162.217.107
    5.79.71.205

  • 8.8.8.8:53
    lymyxid.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    lymyxid.com

    DNS Response

    3.94.10.34

  • 8.8.8.8:53
    puzylyp.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    puzylyp.com

    DNS Response

    75.2.71.199
    99.83.170.3

  • 8.8.8.8:53
    gahyqah.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    gahyqah.com

    DNS Response

    162.255.119.102
    23.253.46.64

  • 8.8.8.8:53
    lyvyxor.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    lyvyxor.com

    DNS Response

    208.100.26.245

  • 8.8.8.8:53
    gadyniw.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    gadyniw.com

    DNS Response

    154.212.231.82

  • 8.8.8.8:53
    galyqaz.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    galyqaz.com

    DNS Response

    199.191.50.83

  • 8.8.8.8:53
    vonypom.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    vonypom.com

    DNS Response

    34.227.7.138

  • 8.8.8.8:53
    www.gahyqah.com
    dns
    svchost.exe
    61 B
    113 B
    1
    1

    DNS Request

    www.gahyqah.com

    DNS Response

    91.195.240.19

  • 8.8.8.8:53
    c.pki.goog
    dns
    svchost.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.179.67

  • 8.8.8.8:53
    ww3.galyqaz.com
    dns
    svchost.exe
    122 B
    206 B
    2
    2

    DNS Request

    ww3.galyqaz.com

    DNS Request

    ww3.galyqaz.com

    DNS Response

    64.190.63.136

    DNS Response

    64.190.63.136

  • 8.8.8.8:53
    34.143.101.95.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    34.143.101.95.in-addr.arpa

  • 8.8.8.8:53
    227.243.59.199.in-addr.arpa
    dns
    73 B
    131 B
    1
    1

    DNS Request

    227.243.59.199.in-addr.arpa

  • 8.8.8.8:53
    183.30.21.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    183.30.21.104.in-addr.arpa

  • 8.8.8.8:53
    202.203.162.178.in-addr.arpa
    dns
    74 B
    137 B
    1
    1

    DNS Request

    202.203.162.178.in-addr.arpa

  • 8.8.8.8:53
    199.71.2.75.in-addr.arpa
    dns
    70 B
    126 B
    1
    1

    DNS Request

    199.71.2.75.in-addr.arpa

  • 8.8.8.8:53
    34.10.94.3.in-addr.arpa
    dns
    69 B
    121 B
    1
    1

    DNS Request

    34.10.94.3.in-addr.arpa

  • 8.8.8.8:53
    245.26.100.208.in-addr.arpa
    dns
    73 B
    127 B
    1
    1

    DNS Request

    245.26.100.208.in-addr.arpa

  • 8.8.8.8:53
    102.119.255.162.in-addr.arpa
    dns
    74 B
    154 B
    1
    1

    DNS Request

    102.119.255.162.in-addr.arpa

  • 8.8.8.8:53
    138.7.227.34.in-addr.arpa
    dns
    71 B
    125 B
    1
    1

    DNS Request

    138.7.227.34.in-addr.arpa

  • 8.8.8.8:53
    83.50.191.199.in-addr.arpa
    dns
    72 B
    139 B
    1
    1

    DNS Request

    83.50.191.199.in-addr.arpa

  • 8.8.8.8:53
    82.231.212.154.in-addr.arpa
    dns
    73 B
    134 B
    1
    1

    DNS Request

    82.231.212.154.in-addr.arpa

  • 8.8.8.8:53
    67.179.250.142.in-addr.arpa
    dns
    73 B
    111 B
    1
    1

    DNS Request

    67.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    19.240.195.91.in-addr.arpa
    dns
    72 B
    156 B
    1
    1

    DNS Request

    19.240.195.91.in-addr.arpa

  • 8.8.8.8:53
    23.149.64.172.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    23.149.64.172.in-addr.arpa

  • 8.8.8.8:53
    233.38.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    233.38.18.104.in-addr.arpa

  • 8.8.8.8:53
    136.63.190.64.in-addr.arpa
    dns
    72 B
    156 B
    1
    1

    DNS Request

    136.63.190.64.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    pupydeq.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    pupydeq.com

    DNS Response

    76.223.54.146
    13.248.169.48

  • 8.8.8.8:53
    ganyzub.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    ganyzub.com

  • 8.8.8.8:53
    lykymox.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lykymox.com

  • 8.8.8.8:53
    vopydek.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vopydek.com

  • 8.8.8.8:53
    qebylug.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qebylug.com

  • 8.8.8.8:53
    pujymip.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pujymip.com

  • 8.8.8.8:53
    gatydaw.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gatydaw.com

  • 8.8.8.8:53
    lyvylyn.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyvylyn.com

  • 8.8.8.8:53
    vojymic.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vojymic.com

  • 8.8.8.8:53
    qetysal.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qetysal.com

  • 8.8.8.8:53
    puvylyg.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puvylyg.com

  • 8.8.8.8:53
    gahynus.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gahynus.com

  • 8.8.8.8:53
    lyrysor.com
    dns
    svchost.exe
    57 B
    133 B
    1
    1

    DNS Request

    lyrysor.com

    DNS Response

    61.158.134.198

  • 8.8.8.8:53
    vocykem.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vocykem.com

  • 8.8.8.8:53
    qegynuv.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qegynuv.com

  • 8.8.8.8:53
    purypol.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    purypol.com

  • 8.8.8.8:53
    gacykeh.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gacykeh.com

  • 8.8.8.8:53
    lygynud.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    lygynud.com

    DNS Response

    3.94.10.34

  • 8.8.8.8:53
    vowypit.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vowypit.com

  • 8.8.8.8:53
    qexykaq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qexykaq.com

  • 8.8.8.8:53
    pufybyv.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pufybyv.com

  • 8.8.8.8:53
    gaqypiz.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gaqypiz.com

  • 8.8.8.8:53
    lyxyjaj.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyxyjaj.com

  • 8.8.8.8:53
    vofybyf.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vofybyf.com

  • 8.8.8.8:53
    qeqytup.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qeqytup.com

  • 8.8.8.8:53
    puzyjoq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puzyjoq.com

  • 8.8.8.8:53
    gadyveb.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gadyveb.com

  • 8.8.8.8:53
    lymytux.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lymytux.com

  • 8.8.8.8:53
    volyjok.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    volyjok.com

  • 8.8.8.8:53
    pumytup.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pumytup.com

  • 8.8.8.8:53
    qedyveg.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qedyveg.com

  • 8.8.8.8:53
    galyhiw.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    galyhiw.com

  • 8.8.8.8:53
    lysyvan.com
    dns
    svchost.exe
    57 B
    169 B
    1
    1

    DNS Request

    lysyvan.com

    DNS Response

    104.21.64.1
    104.21.48.1
    104.21.112.1
    104.21.32.1
    104.21.96.1
    104.21.16.1
    104.21.80.1

  • 8.8.8.8:53
    vonyryc.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vonyryc.com

  • 8.8.8.8:53
    qekyhil.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qekyhil.com

  • 8.8.8.8:53
    pupycag.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    pupycag.com

    DNS Response

    34.227.7.138

  • 8.8.8.8:53
    ganyrys.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    ganyrys.com

  • 8.8.8.8:53
    vopycom.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vopycom.com

  • 8.8.8.8:53
    pujygul.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pujygul.com

  • 8.8.8.8:53
    qebyrev.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qebyrev.com

  • 8.8.8.8:53
    lyvywed.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyvywed.com

  • 8.8.8.8:53
    vojygut.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vojygut.com

  • 8.8.8.8:53
    qetyxiq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qetyxiq.com

  • 8.8.8.8:53
    gahyfyz.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gahyfyz.com

  • 8.8.8.8:53
    puvywav.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puvywav.com

  • 8.8.8.8:53
    lyryxij.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyryxij.com

  • 8.8.8.8:53
    vocyqaf.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vocyqaf.com

  • 8.8.8.8:53
    qegyfyp.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qegyfyp.com

  • 8.8.8.8:53
    gacyqob.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gacyqob.com

  • 8.8.8.8:53
    puryxuq.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puryxuq.com

  • 8.8.8.8:53
    vowyzuk.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vowyzuk.com

  • 8.8.8.8:53
    lygyfex.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lygyfex.com

  • 8.8.8.8:53
    gatycoh.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gatycoh.com

  • 8.8.8.8:53
    qexyqog.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qexyqog.com

  • 8.8.8.8:53
    pufydep.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    pufydep.com

  • 8.8.8.8:53
    gaqyzuw.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gaqyzuw.com

  • 8.8.8.8:53
    lyxymin.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lyxymin.com

  • 8.8.8.8:53
    vofydac.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    vofydac.com

  • 8.8.8.8:53
    qeqylyl.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    qeqylyl.com

  • 8.8.8.8:53
    puzymig.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    puzymig.com

  • 8.8.8.8:53
    gadydas.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    gadydas.com

  • 8.8.8.8:53
    lymylyr.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    lymylyr.com

  • 8.8.8.8:53
    volymum.com
    dns
    svchost.exe
    57 B
    130 B
    1
    1

    DNS Request

    volymum.com

  • 8.8.8.8:53
    lyrysor.com
    dns
    svchost.exe
    57 B
    133 B
    1
    1

    DNS Request

    lyrysor.com

    DNS Response

    61.158.134.198

  • 8.8.8.8:53
    pupydeq.com
    dns
    svchost.exe
    57 B
    89 B
    1
    1

    DNS Request

    pupydeq.com

    DNS Response

    13.248.169.48
    76.223.54.146

  • 8.8.8.8:53
    lygynud.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    lygynud.com

    DNS Response

    3.94.10.34

  • 8.8.8.8:53
    lysyvan.com
    dns
    svchost.exe
    57 B
    169 B
    1
    1

    DNS Request

    lysyvan.com

    DNS Response

    104.21.112.1
    104.21.16.1
    104.21.80.1
    104.21.96.1
    104.21.64.1
    104.21.32.1
    104.21.48.1

  • 8.8.8.8:53
    pupycag.com
    dns
    svchost.exe
    57 B
    73 B
    1
    1

    DNS Request

    pupycag.com

    DNS Response

    34.227.7.138

  • 8.8.8.8:53
    1.112.21.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    1.112.21.104.in-addr.arpa

  • 8.8.8.8:53
    48.169.248.13.in-addr.arpa
    dns
    72 B
    128 B
    1
    1

    DNS Request

    48.169.248.13.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BEBD.tmp

    Filesize

    24KB

    MD5

    886fa3a152d872032bd5759a19ee54e4

    SHA1

    c8e5b8f2dc89dfa5f0d9d7c9b301b48422313aad

    SHA256

    3d685c7e80514bc94a42ee15641345edaafe0831317e05f81d458ec96053f3d1

    SHA512

    997b408cf2237f65302a05a179d936023ffa2951f9a1dfb64559031847120271212bb37edc54c7219312961e07774907e814305edea520e11cf597f80727df90

  • C:\Users\Admin\AppData\Local\Temp\BEBF.tmp

    Filesize

    1KB

    MD5

    5e5d47b4183e6b5a135ead4beaaf7051

    SHA1

    3efcdb68d9d83afc05fc7c8072c3ac5a4d6f28cc

    SHA256

    b2cfdd13c40645a1ed0bce28f3219d8a1e8a1592b74b65f7f040aa93c8d090dd

    SHA512

    2e366aa45fd09cf917f53700023d351c1fad009cceca897158754498b69ddd2eae9eb7564dbb2ec1ce3380beb8f2e1a3a280d5f3727ed54256ad978f96a2c4e5

  • C:\Windows\apppatch\svchost.exe

    Filesize

    204KB

    MD5

    9a907d8cdbf23de4c38d0ea57fdd8b02

    SHA1

    f1801212519fd0fd965e0515ddfd54698f69b467

    SHA256

    ae92ce234e9b5a3a42eeaee5463632bc218320fcd6d319de4f556caa03fac3c8

    SHA512

    e7671313152b8b25c4c0e651c4ecd26c2c90ef61780793440b7ca6ecfe75c9eb9a15bcf04214df9ed8955dfdabed913ae7706cc8efd00e2d3df18ae98c56706b

  • memory/4376-0-0x0000000000400000-0x000000000057D000-memory.dmp

    Filesize

    1.5MB

  • memory/4376-1-0x00000000022E0000-0x0000000002331000-memory.dmp

    Filesize

    324KB

  • memory/4376-2-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

  • memory/4376-14-0x0000000000400000-0x000000000057D000-memory.dmp

    Filesize

    1.5MB

  • memory/4376-16-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

  • memory/4376-15-0x00000000022E0000-0x0000000002331000-memory.dmp

    Filesize

    324KB

  • memory/4996-61-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-57-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-17-0x0000000000400000-0x000000000057D000-memory.dmp

    Filesize

    1.5MB

  • memory/4996-18-0x0000000002AB0000-0x0000000002B58000-memory.dmp

    Filesize

    672KB

  • memory/4996-19-0x0000000000400000-0x000000000057D000-memory.dmp

    Filesize

    1.5MB

  • memory/4996-20-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-24-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-22-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-32-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-40-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-79-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-78-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-77-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-76-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-75-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-74-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-73-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-72-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-71-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-70-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-69-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-67-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-66-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-65-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-64-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-63-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-62-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-12-0x0000000000400000-0x000000000057D000-memory.dmp

    Filesize

    1.5MB

  • memory/4996-60-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-59-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-58-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-13-0x0000000000400000-0x000000000057D000-memory.dmp

    Filesize

    1.5MB

  • memory/4996-56-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-55-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-54-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-52-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-51-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-50-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-49-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-48-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-46-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-45-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-44-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-43-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-42-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-41-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-39-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-38-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-37-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-36-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-35-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-34-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-33-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-30-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-31-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-29-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-28-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-27-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-26-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-68-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-53-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-47-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

  • memory/4996-25-0x0000000002CA0000-0x0000000002D56000-memory.dmp

    Filesize

    728KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.